Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1284

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2002-1284
Last Modified 10 Sep 2008 03:14:14
Published 29 Nov 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-1284

Summary

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.

Vulnerable Systems

Application

  • Kgpg 0.6

  • Kgpg 0.6.1

  • Kgpg 0.7

  • Kgpg 0.8

  • Kgpg 0.8.1

  • Kgpg 0.8.2


References

BUGTRAQ - 20021110 GLSA: kgpg

XF - kgpg-wizard-empty-password(10629)

CONFIRM - http://devel-home.kde.org/~kgpg/bug.html

BID - 6152


Last Updated: 27 May 2016 10:37:16