CVE identifier(s) | CVE-2018-12020 |
---|---|
Date discovered | June 2018 |
Discoverer | Marcus Brinkmann |
Affected software | GNU Privacy Guard (GnuPG) from v0.2.2 to v2.2.8. |
SigSpoof (CVE-2018-12020) is a family of security vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG") since version 0.2.2, which was released in 1998. [1] Several other software packages that make use of GnuPG, such as Pass and Enigmail, were also affected. [2] [1]
In unpatched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed under certain circumstances. [1] [3] [4] [2] [5] This potentially enables a wide range of subsidiary attacks to succeed. [1] [3] [4] [2] [5]