| Vulnerability Name: | CVE-2001-1016 (CCN-7081) | ||||||||
| Assigned: | 2001-09-04 | ||||||||
| Published: | 2001-09-04 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability." | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2001-1016 Source: OSVDB Type: UNKNOWN 1946 Source: CCN Type: OSVDB ID: 1946 PGPsdk Display Invalid Key Source: CCN Type: PGP Web site PGP Hotfix Source: CCN Type: PGP Security Advisory PGPsdk Key Validity Vulnerability Source: CONFIRM Type: Patch, Vendor Advisory http://www.pgp.com/support/product-advisories/pgpsdk.asp Source: BUGTRAQ Type: Patch, Vendor Advisory 20010904 PGPsdk Key Validity Vulnerability Source: BID Type: Patch, Vendor Advisory 3280 Source: CCN Type: BID-3280 PGP Invalid Key Display Vulnerability Source: XF Type: UNKNOWN pgp-invalid-key-display(7081) Source: XF Type: UNKNOWN pgp-invalid-key-display(7081) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||