CVE-2001-0435 — PGP vulnerability

2 documents2 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 76.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

PGP

Timeline

PublishedJul 2

Latest updateApr 30

Description

The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDpgp/pgp7.0

🔴Vulnerability Details

GHSA

GHSA-5rmq-q5qg-vcf7: The split key mechanism used by PGP 7↗2022-04-30

▶