OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

gnupg -- OpenPGP protocol attack

Affected packages
gnupg < 1.4.1

Details

VuXML ID be6057f4-9ecf-11d9-82a1-00065bd5b0b6
Discovery 2005-03-24
Entry 2005-03-27

A vulnerability in OpenPGP can be used by attackers to recover partial plaintexts from messages employing symmetric encryption. Researchers Serge Mister and Robert Zuccherato of Entrust have developed a chosen-ciphertext attack method that can be used against OpenPGP messages encrypted using cipher feedback (CFB) mode. The attack takes advantage of an integrity check feature that is intended to save time by aborting futile and possibly lengthy decryption attempts.

[source]

References

CVE Name CAN-2005-0366
URL http://www.kb.cert.org/vuls/id/303094

Copyright © 2003-2005 Jacques Vidrine, Robert Nagy, and contributors.
Please see the source of this document for full copyright information.