PGP 5.5.x up to and including 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pgp pgp 6.5.1i |
||
pgp pgp 6.5.3i |
||
pgp pgp 5.5.3i |