CVE-2001-0381

Name of the Vulnerable Software and Affected Versions GnuPG version 1.0.5

Description The issue allows an attacker to determine the private signature key via a cryptanalytic attack. This is achieved by altering the encrypted private key file and capturing a single message signed with the signature key. Exploitation of this issue can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out locally.

Recommendations For GnuPG version 1.0.5, consider updating to a newer version to mitigate the risk, as the current version may allow an attacker to determine the private signature key. At the moment, there is no information about a newer version that contains a fix for this vulnerability.