Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0445

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2000-0445
Last Modified 10 Sep 2008 03:04:42
Published 24 May 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2000-0445

Summary

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

Vulnerable Systems

Application

  • Pgp 5.0 Linux

  • Pgp 5.0i

  • Pgp 6.5 Linux


References

CERT - CA-2000-09

BID - 1251

OSVDB - 1355

BUGTRAQ - 20000523 Key Generation Security Flaw in PGP 5.0


Last Updated: 27 May 2016 10:35:42