HIGH · 7.5

CVE-2001-1016

Vulnerability Description

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 do not properly display when invalid user IDs are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Pgp | Corporate Desktop | 7.1 |
| Pgp | E-Business Server | 6.5.8 |
| Pgp | Freeware | 7.0.3 |
| Pgp | Personal Security | 7.0.3 |
| Pgp | Pgp | 5.0 |

References

FAQ

What is CVE-2001-1016?

CVE-2001-1016 is a vulnerability with a CVSS score of 7.5 (HIGH).

How severe is CVE-2001-1016?

CVE-2001-1016 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2001-1016?

Check the references section above for vendor advisories and patch information. Affected products include: Pgp Corporate Desktop, Pgp E-Business Server, Pgp Freeware, Pgp Personal Security, Pgp Pgp.