PT-2001-2165 · Pgp · Personal Security+3

Published

2001-09-04

Updated

2017-10-10

CVE-2001-1016

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PGP Corporate Desktop versions prior to 7.1 PGP Personal Security versions prior to 7.0.3 PGP Freeware versions prior to 7.0.3 PGP E-Business Server versions prior to 7.1

Description The issue concerns the improper display of invalid user IDs when signing a message. This could allow an attacker to deceive a user into believing a document was signed by a trusted third party by adding a second, invalid user ID to a key that has already been signed by the third party.

Recommendations For PGP Corporate Desktop versions prior to 7.1, update to version 7.1 or later. For PGP Personal Security versions prior to 7.0.3, update to version 7.0.3 or later. For PGP Freeware versions prior to 7.0.3, update to version 7.0.3 or later. For PGP E-Business Server versions prior to 7.1, update to version 7.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1016

Affected Products

Pgp Corporate Desktop

Pgp E-Business Server

Pgpfreeware

Personal Security

PT-2001-2165 · Pgp · Personal Security+3

CVE-2001-1016

Related Identifiers

Affected Products

References · 6