Researchers have uncovered a new flaw in the Pretty Good Privacy email encryption tool. The warning has come from Counterpane Internet Security and Columbia University.
They've found it's possible for snoopers to decode messages by tricking intended recipients.
The ploy involves intercepting and altering encrypted messages so they appear as gibberish to the recipient.
If the recipient returns that message to the sender they risk inadvertently decoding the message.
The vulnerability only occurs if the recipient sends the original text with their text. But the researchers point out that many PGP users have their software configured to do this every time they reply to a message.
Intercepting email is not difficult using programs known as sniffers and their use is relatively common among businesses monitoring employee email use.
Principal author of the PGP open standard at the Internet Engineering Task Force admitted the vulnerability is serious, but insists it is difficult to exploit.
An update addressing the issue has been released to coincide with the announcement of the flaw.
The findings come just weeks after the disclosure of a separate vulnerability affecting users of the most widely-used email encryption tool.
Last month Eye Digital Security discovered that companion software for Outlook users contained a flaw that could allow hackers to wrest control of victims' machines. PA