Mutt: neomutt: bcc email header field is indirectly leaked by cryptographic info block
Description
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, which may leak the Bcc email header field because the recipients can be inferred from the recipient information embedded in the encrypted message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Mutt and Neomutt PGP encryption does not use the `--hidden-recipient` mode, potentially leaking Bcc recipients via the recipient metadata of the encrypted message.
Vulnerability
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode, which may leak the Bcc email header field by allowing inference from the recipients info. This affects all versions of mutt and neomutt that support PGP encryption.
Exploitation
An attacker with access to the encrypted email (e.g., via network interception or mailbox access) can observe the PGP metadata: each public-key encrypted session key packet in the message carries the key ID of the recipient's encryption key unless --hidden-recipient is used, in which case the key ID field is written as all zeros. If a Bcc recipient is included in the encryption but not in the visible To/Cc headers, the attacker can infer the Bcc recipient from the key ID list. A practitioner can confirm what a given message exposes by inspecting its packets with `gpg --list-packets`.
Impact
Successful exploitation leads to information disclosure of Bcc recipients. The attacker gains the knowledge of hidden recipients, violating the confidentiality intended by Bcc usage. No code execution or privilege escalation is involved.
Mitigation
A fix is not yet available in upstream mutt or neomutt. Users are advised to manually configure PGP to use the --hidden-recipient option when encrypting messages. Red Hat is tracking this issue as of November 2024 [1][2].
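As an added example that is not part of the CVE record, the following parser walks the OpenPGP packets of an encrypted message, lists the key ID named by each public-key encrypted session key (PKESK) packet, and flags a message whose key IDs are not all hidden, which is the check a sender would want after switching to --hidden-recipient. It assumes RFC 4880 framing with version 3 PKESK packets and that a hidden recipient is encoded as an all-zero key ID (which is what gpg -R writes); the sample message is constructed inline with dummy session-key bytes and is not a real gpg output.

```python
import struct

PKESK_TAG = 1
HIDDEN_KEY_ID = b"\x00" * 8  # key ID written by --hidden-recipient / -R


def parse_packets(data):
    """Yield (tag, body) for each OpenPGP packet (old and new format headers)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new-format header
            tag = hdr & 0x3F
            first = data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:
                length, i = struct.unpack(">I", data[i + 2:i + 6])[0], i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:  # old-format header
            tag = (hdr >> 2) & 0x0F
            ltype = hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype
            length = int.from_bytes(data[i + 1:i + 1 + n], "big")
            i += 1 + n
        yield tag, data[i:i + length]
        i += length


def recipients(data):
    """Hex key ID named by each v3 PKESK packet; '0000000000000000' means hidden."""
    return [body[1:9].hex() for tag, body in parse_packets(data)
            if tag == PKESK_TAG and body[0] == 3]


def leaks_recipient_ids(data):
    """True if any recipient can be identified from the message metadata."""
    return any(k != HIDDEN_KEY_ID.hex() for k in recipients(data))


def pkesk(key_id, algo=1):
    """Constructed minimal PKESK packet: version 3, key ID, pubkey algo, dummy MPI."""
    body = bytes([3]) + key_id + bytes([algo]) + b"\x00" * 4
    return bytes([0xC0 | PKESK_TAG, len(body)]) + body


# Constructed sample: one visible (To:) recipient and one hidden (Bcc:) recipient.
SAMPLE = pkesk(bytes.fromhex("0123456789abcdef")) + pkesk(HIDDEN_KEY_ID)
```

On a real message, feed the raw (dearmored) bytes to `leaks_recipient_ids`; a message encrypted for every recipient with -R yields only zero key IDs.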
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (2)
[1] access.redhat.com/security/cve/CVE-2024-49395 (MITRE vdb-entry, x_refsource_REDHAT)
[2] bugzilla.redhat.com/show_bug.cgi (MITRE issue-tracking, x_refsource_REDHAT)
News mentions (0)
No linked articles in our index yet.