gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an malicious user to break the web of trust.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gnu privacy guard 1.0.2 |
||
gnu privacy guard 1.0.3 |
||
gnu privacy guard 1.0.3b |
||
gnu privacy guard 1.0 |
||
gnu privacy guard 1.0.1 |