PGP ADK Insertion Vulnerability

A vulnerability exists in certain versions of PGP which support ADKs (Additional Decryption Keys), potentially allowing an attacker to insert a public key into the unsigned portion of the victim's public key. The end result is that all communications sent to the victim encrypted with the altered public key would also be encrypted for the attacker, who could then decrypt it with his own key.


 

Privacy Statement
Copyright 2010, SecurityFocus