CVE-2001-0435
First published: Thu May 24 2001(Updated: )
The split key mechanism used by PGP 7.0 allows a key share holder to obtain access to the entire key by setting the "Cache passphrase while logged on" option and capturing the passphrases of other share holders as they authenticate.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PGP OpenPGP | =7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2001-0435?
CVE-2001-0435 is classified as a high-severity vulnerability due to the potential compromise of cryptographic keys.
How do I fix CVE-2001-0435?
To mitigate CVE-2001-0435, avoid using the 'Cache passphrase while logged on' option in PGP 7.0.
Who is affected by CVE-2001-0435?
Users of PGP 7.0 that utilize the split key mechanism are affected by CVE-2001-0435.
What kind of attack can exploit CVE-2001-0435?
CVE-2001-0435 can be exploited through passphrase capturing by a malicious key share holder.
Is there a patch available for CVE-2001-0435?
There is no specific patch for CVE-2001-0435, but users should upgrade to newer versions of PGP for better security.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/pgp
- canonical/pgp openpgp
- version/pgp openpgp/7.0