Computer security experts warn that Internet snoopers in some circumstances can decode sensitive e-mail messages simply by tricking recipients into hitting the reply button.
The flaw affects software using Pretty Good Privacy (PGP), the most popular tool for scrambling e-mail.
Researchers at Columbia University and Counterpane Internet Security Inc. found that someone intercepting an encrypted message could unscramble it by repackaging the message and passing it on to the recipient.
The message would appear as gibberish, possibly prompting the recipient to request a resend.
If the recipient includes the original text with that request - as many people have configured their software to do automatically when they reply - the interceptor could then read the original message.
Bruce Schneier, Counterpane's chief technology officer, said most people would never dream that security can be compromised simply by returning gibberish.
"This little back door defeats the entire purpose of this 'pretty good' encyption technique," says CBSNews.com PC Answer columnist Larry Magid. "You have a lot of people who think their messages are safe, when they're really not."
Intercepting a message is easily done through software known as sniffers, and companies may use such programs to monitor employees on its network. An oppressive government may snoop on its citizens if it also controls service providers or other access points.
Thus, human rights workers, some FBI agents and even the son of a jailed mobster have used PGP to encrypt messages sent over the Internet and data stored on computers.
So powerful is the technology that the U.S. government until 1999 sought to restrict its sale out of fears that criminals, terrorists and foreign nations might use it.
Magid notes however that while a few in the FBI might use PGP-based programs, highly sensitive data is more commonly encoded with far more advanced encryption tools.
Jon Callas, principal author of the OpenPGP standard at the Internet Engineering Task Force, said the vulnerability is serious but very difficult to exploit.
And, he said, many PGP software packages compress messages before sending. Researchers found that such compression can sometimes thwart the unauthorized decoding.
Nonetheless, an update to the OpenPGP standard was to be released Monday to coincide with the announcement of the flaw. Many developers already have begun to write software fixes, Callas said.
In the meantime, Schneier and Callas urged recipients of PGP e-mail to avoid including full text of messages when replying.
Schneier and co-researchers Kahil Jallad and Jonathan Katz, who were at Columbia University when they discovered the flaw, identified its possibility about a year ago. The latest paper offered a demonstration of the flaw in practice.
The findings come weeks after researchers at eEye Digital Security Inc. discovered that hackers could exploit a programming flaw in companion software - a plug-in for Microsoft Corp.'s Outlook program - to attack a user's computer and in some cases, unscramble messages.
In neither case does the flaw affect the actual encrypting formulas used to scramble messages.