PT-2000-1611 · Pgp · Pgp

Published 2000-10-20 · Updated 2008-09-10 · CVE-2000-0678

CVSS v2.0

5.0 Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PGP versions 5.5.x through 6.5.3

Description

The issue arises from improper checking of an Additional Decryption Key (ADK) in the signed portion of a public certificate. This allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

Recommendations

For versions 5.5.x through 6.5.3, consider restricting access to certificate modification to prevent exploitation until a proper fix is applied. As a temporary workaround, carefully monitor and control any changes made to public certificates to minimize the risk of decryption by unauthorized parties.


Related Identifiers

CVE-2000-0678

Affected Products

Pgp