CVE-2000-0445 — PGP vulnerability

2 documents2 sources

Severity

2.1LOWNVD

EPSS

0.3%

top 50.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PGP

Timeline

PublishedMay 24

Latest updateApr 30

Description

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDpgp/pgp5.0_linux, 5.0i, 6.5_linux+2

🔴Vulnerability Details

GHSA

GHSA-r4m8-4q3x-xfcc: The pgpk command in PGP 5↗2022-04-30

▶