New Search

GnuPG (GPG) 1.0.2 and other versions up to 1.2.3 creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing which allows attackers to determine the private key from a signature.

oval:org.mitre.oval:def:10982

GnuPG (GPG) 1.0.2 and other versions up to 1.2.3 creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing which allows attackers to determine the private key from a signature.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • Red Hat Enterprise Linux 3
  • CentOS Linux 3
Class:
vulnerability
Reference(s):
  • CVE-2003-0971
Product(s):