A vulnerability in OpenPGP may allow attackers to recover partial plaintexts from OpenPGP messages that use symmetric encryption.
A vulnerability in OpenPGP can be used by attackers to recover partial plaintexts from messages employing symmetric encryption. Researchers Serge Mister and Robert Zuccherato of Entrust have developed a chosen-ciphertext attack method that can be used against OpenPGP messages encrypted using cipher feedback (CFB) mode. The attack takes advantage of an integrity check feature that is intended to save time by aborting futile and possibly lengthy decryption attempts.
Attackers may be able to recover partial plaintexts from OpenPGP messages that use symmetric encryption.
Apply a patch from your vendor
This vulnerability was discovered by Serge Mister and Robert Zuccherato of Entrust.
This document was written by Jeffrey P. Lanza and Will Dormann.
|Date First Published:||2005-02-11|
|Date Last Updated:||2005-05-23 13:38 UTC|