PT-2002-2698 · Network Associates · Pgp
Published
2002-12-31
·
Updated
2008-09-05
·
CVE-2002-1977
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Network Associates PGP versions 7.0.4 through 7.1
Description
The issue concerns the
Passphrase Cache option, where the timeout value is not properly enforced, potentially allowing attackers to access encrypted files without providing a passphrase.Recommendations
For versions 7.0.4 through 7.1, consider disabling the
Passphrase Cache option to minimize the risk of exploitation until a proper fix is available.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Pgp