PT-2001-2165 · Pgp · Personal Security+3

Publicado

2001-09-04

Atualizado

2017-10-10

CVE-2001-1016

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PGP Corporate Desktop versions prior to 7.1 PGP Personal Security versions prior to 7.0.3 PGP Freeware versions prior to 7.0.3 PGP E-Business Server versions prior to 7.1

Description The issue concerns the improper display of invalid user IDs when signing a message. This could allow an attacker to deceive a user into believing a document was signed by a trusted third party by adding a second, invalid user ID to a key that has already been signed by the third party.

Recommendations For PGP Corporate Desktop versions prior to 7.1, update to version 7.1 or later. For PGP Personal Security versions prior to 7.0.3, update to version 7.0.3 or later. For PGP Freeware versions prior to 7.0.3, update to version 7.0.3 or later. For PGP E-Business Server versions prior to 7.1, update to version 7.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2001-1016

Produtos afetados

Pgp Corporate Desktop

Pgp E-Business Server

Pgpfreeware

Personal Security

PT-2001-2165 · Pgp · Personal Security+3

CVE-2001-1016

Identificadores relacionados

Produtos afetados

Referências · 6