Vulnerabilities > CVE-2001-1016 - Unspecified vulnerability in PGP products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

pgp

NVD

Published: 2001-09-04

Updated: 2017-10-10

Summary

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

Vulnerable Configurations

Part	Description	Count
Application	Pgp PGP Corporate Desktop 7.1 PGP E Business Server 6.5.8 PGP E Business Server 7.0.4 PGP E Business Server 7.1 PGP Freeware 7.0.3 PGP Personal Security 7.0.3 PGP PGP 5.0 PGP PGP 6.0.2	8

Summary

Vulnerable Configurations

References