SigSpoof
Security vulnerabilities that affected GNU Privacy Guard
From Wikipedia, the free encyclopedia
SigSpoof (CVE-2018-12020) is a family of security vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG") since version 0.2.2, that was released in 1998.[1] Several other software packages that make use of GnuPG were also affected, such as Pass and Enigmail.[2][1]
Date discoveredJune 2018
DiscovererMarcus Brinkmann
Affected softwareGNU Privacy Guard (GnuPG) from v0.2.2 to v2.2.8.
| CVE identifier | CVE-2018-12020 |
|---|---|
| Date discovered | June 2018 |
| Discoverer | Marcus Brinkmann |
| Affected software | GNU Privacy Guard (GnuPG) from v0.2.2 to v2.2.8. |
In un-patched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed, under certain circumstances.[1][3][4][2][5] This potentially enables a wide range of subsidiary attacks to succeed.[1][3][4][2][5]
