Encrypted email service Tutanota has told its users that it discovered and fixed a cross-site scripting flaw just a week after a free version of the platform was launched in beta.
The German-based start-up revealed in a blog post on Friday that it contacted security researcher Thomas Roth to dig about in its code.
Roth, who earlier this month demonstrated a JavaScript-injection attack against rival service ProtonMail, soon found an issue with the Tutanota web app, the firm explained.
“The attack worked as follows: When forwarding an email, the subject was embedded in the body of the new email unsanitized. This made it theoretically possible for attackers to manipulate the subject upon sending an email to a Tutanota email address,” the blog post noted.
“Then the attacker had to trick the user into forwarding this email. This way he would have had the opportunity to execute JavaScript code in the context of the web application. We have fixed the issue right away. Now the subject is embedded, sanitized and such an attack is no longer possible.”
A spokesperson for the Hannover-based firm told Infosecurity that it managed to fix the bug in a little over 11 hours after being notified early on Friday morning.
“Tutanota is installed in the application cache and only updated with every new release. This way we can patch security issues like the one from Friday immediately. If the user had to download the patched version, it would take a long time until everybody used this version,” they added.
“The described process is also used by browsers like Chrome and Firefox and not generally questioned as insecure. Upon a new release the user is notified that the client software is updated. After having made Tutanota available as open source, he can then check if his new version is the same one as the officially published one.”
The firm was also at pains to point out that the problem was with the web app itself rather than the encryption method used to render emails unreadable to the likes of NSA and GCHQ snoopers.
“With Tutanota we cannot get access to the user's private key because it is stored encrypted on the server,” said the spokesperson. “It is encrypted with the user's password and that password is never sent to the server. Decryption of the user's private key takes place on the client.”
The firm plans to open source its code in a few months so that it can be reviewed in detail by anyone, in theory making it more secure.