Mutt PGP/GnuPG Verified Email Signature Spoofing Vulnerability

It is reported that Mutt contains a vulnerability that allows attackers to send email that spoofs the look of a successfully verified PGP/GnuPG email message. An attacker may simulate the PGP/GnuPG output that Mutt normally includes when it processes a signed message. If a user runs Mutt with a specific configuration, the attacker can make a message look almost identical to a properly signed and verified email.

This allows an attacker to craft a message that falsely appears to carry a correctly verified PGP/GnuPG signature, and thereby to spoof email from trusted sources. This will likely greatly increase the effectiveness of social engineering attacks.

In index mode, messages that carry a signature are marked with the 's' flag, which changes to 'S' once the signature has been verified. Checking that a message actually carries these flags, rather than trusting the appearance of its body, helps mitigate this vulnerability.

Versions 1.3.28 and 1.5.6 are reported affected by this vulnerability. Other versions are also likely affected.
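The advisory's point, as an added defender-side example (not Mutt's own code): Mutt's 's'/'S' flags come from the message's MIME structure, so a check on that structure separates a real PGP/MIME signed message from a plain one whose body merely imitates the verification banner. The banner phrases and both sample messages are constructed, and the check decides structure only; actual verification still needs GnuPG.

```python
from email import message_from_string, policy

# Phrases an attacker might paste into a body to imitate Mutt's PGP output (constructed).
FAKE_BANNER_MARKERS = ("PGP output follows", "Good signature from", "End of PGP output")

def has_signature_part(msg) -> bool:
    """RFC 3156 PGP/MIME only: multipart/signed, pgp-signature protocol, signature as part 2."""
    proto = str(msg.get_param("protocol", "")).lower()
    parts = list(msg.iter_parts())  # empty for a non-multipart message
    return (msg.get_content_type() == "multipart/signed" and proto == "application/pgp-signature"
            and len(parts) == 2 and parts[1].get_content_type() == "application/pgp-signature")

def body_mimics_banner(msg) -> bool:
    """True if any text/plain content carries verification-banner phrases."""
    return any(part.get_content_type() == "text/plain"
               and any(m in part.get_content() for m in FAKE_BANNER_MARKERS)
               for part in msg.walk())

def classify(raw: str) -> str:
    """Structure decides, never body text: a banner with no real signature part is a decoy."""
    msg = message_from_string(raw, policy=policy.default)
    if has_signature_part(msg):
        return "structurally-signed"  # hand to GnuPG; only this can earn Mutt's 's'/'S' flag
    return "spoofed-banner" if body_mimics_banner(msg) else "unsigned"

# Constructed sample: plain text whose body merely looks like Mutt's verification output.
SPOOFED = """\
From: alice@example.org
Content-Type: text/plain; charset=us-ascii

[-- PGP output follows (current time: 2004-01-05 10:00) --]
gpg: Good signature from "Alice <alice@example.org>"
[-- End of PGP output --]
Meeting moved to 3pm.
"""
# Constructed sample: genuine PGP/MIME structure (signature body is a placeholder).
SIGNED = """\
From: alice@example.org
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Meeting moved to 3pm.
--b1
Content-Type: application/pgp-signature

(constructed placeholder, not a real PGP signature block)
--b1--
"""
```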
I think all this is supposed to be is formatting a message with something like ------------------ verified signature ------------------ in it. Not really much the mutt guys or we can do about that, anyway. And I sorta doubt phishers are going to target mutt users, given that they aren't a huge subset of the population anyway.