PT-2019-6498 · Firegpg · Firegpg

Daniel Moerner

Published

2019-11-07

Updated

2020-02-10

CVE-2008-7272

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions FireGPG versions prior to 0.6

Description The issue concerns the insecure handling of a user's passphrase and decrypted cleartext by FireGPG. Specifically, it writes pre-encrypted cleartext and the user's passphrase to disk, which may compromise secure communication or a user's private key.

Recommendations For FireGPG versions prior to 0.6, update to version 0.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data and avoiding the use of FireGPG for secure communication until the update is applied.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2008-7272

Affected Products

Firegpg

PT-2019-6498 · Firegpg · Firegpg

CVE-2008-7272

Weakness Enumeration

Related Identifiers

Affected Products

References · 6