Vulnerability Description
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pgp | Pgp | 5.5.3i |
References
- http://www.cert.org/advisories/CA-2000-18.htmlThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/4354
- http://www.securityfocus.com/bid/1606PatchVendor Advisory
- http://www.cert.org/advisories/CA-2000-18.htmlThird Party AdvisoryUS Government Resource
- http://www.osvdb.org/4354
- http://www.securityfocus.com/bid/1606PatchVendor Advisory
FAQ
What is CVE-2000-0678?
CVE-2000-0678 is a vulnerability with a CVSS score of 5.0 (MEDIUM). PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public...
How severe is CVE-2000-0678?
CVE-2000-0678 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0678?
Check the references section above for vendor advisories and patch information. Affected products include: Pgp Pgp.