| Vulnerability Name: | CVE-2000-0678 (CCN-5136) | ||||||||
| Assigned: | 2000-08-24 | ||||||||
| Published: | 2000-08-24 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Thu Aug 24 2000 - 09:28:51 CDT SERIOUS PGP BUG! Source: CCN Type: UKCrypto Mailing List, Thu, 24 Aug 2000 08:09:07 +0100 Serious bug in PGP - versions 5 and 6 Source: MITRE Type: CNA CVE-2000-0678 Source: CCN Type: Ralf Senderek Web site Key Experiments - How PGP Deals With Manipulated Keys Source: CCN Type: CERT Advisory CA-2000-18 PGP May Encrypt Data With Unauthorized ADKs Source: CERT Type: Third Party Advisory, US Government Resource CA-2000-18 Source: CCN Type: CIAC Information Bulletin K-070 PGP Additional Decryption Keys (ADKs) Vulnerability Source: CCN Type: US-CERT VU#747124 ADK flaw in recent versions of PGP Source: OSVDB Type: UNKNOWN 4354 Source: CCN Type: OSVDB ID: 4354 NAI PGP Certificates Unsigned ADKs Cleartext Message Disclosure Source: CCN Type: PGP Security Web site PGP ADK Security Advisory Source: BID Type: Patch, Vendor Advisory 1606 Source: CCN Type: BID-1606 PGP ADK Insertion Vulnerability Source: XF Type: UNKNOWN nai-pgp-unsigned-adk(5136) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||