PT-2001-1650 · Pgp · Pgp

Published

2001-05-24

Updated

2016-10-18

CVE-2001-0435

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PGP version 7.0

Description The issue concerns the split key mechanism in PGP, which allows a key share holder to gain access to the entire key. This can be achieved by setting the Cache passphrase while logged on option and capturing the passphrases of other share holders as they authenticate.

Recommendations For PGP version 7.0, consider disabling the Cache passphrase while logged on option to prevent potential exploitation. Additionally, restrict access to the key sharing mechanism to minimize the risk of unauthorized access.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0435

Affected Products

Pgp

PT-2001-1650 · Pgp · Pgp

CVE-2001-0435

Related Identifiers

Affected Products

References · 2