| Vulnerability Name: | CCN-9849 | ||||||
| Published: | 2002-08-12 | ||||||
| Updated: | 2002-08-12 | ||||||
| Summary: | OpenPGP is an open-source security format that uses public/private keys to encrypt, sign, and decrypt messages. Programs that use the OpenPGP format, including PGP and GNU Privacy Guard (GnuPG or GPG) could possibly allow a remote attacker to obtain portions of encrypted messages using a "chosen-ciphertext" attack. A remote attacker could send a specially-crafted message to a user who is using one of the affected encryption programs, and convince this user to decrypt the message, which could possibly allow the attacker to recover portions of the original message.
Note: Refer to the Counterpane Internet Security, Inc. paper: "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG" for more information. See References. | ||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
| CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
| Vulnerability Consequences: | Obtain Information | ||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Aug 12 2002 - 12:45:26 CDT Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG Source: CCN Type: Counterpane Internet Security, Inc. Web site Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG Source: CCN Type: BID-5446 PGP / GnuPG Chosen Ciphertext Message Disclosure Vulnerability Source: XF Type: UNKNOWN openpgp-ciphertext-message-disclosure(9849) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||