Gnu Privacy Guard (GnuPG or GPG)

Jun 18, 2018

Vulnerability in GnuPG has allowed counterfeiting of digital signatures for decades

A failure affecting GnuPG has made some of the most commonly used e-mail encryption programs vulnerable to digital signature falsification. The list of affected programs includes Enigmail and GPGTools. About Vulnerability (CVE-2018-12020) The vulnerability CVE-2018-12020, nicknamed SigSpoof by Marcus Brinkmann, the investigator who found it, emerged from “weak design choices.” According to the information security […]

root

GPG PATCHES 18-YEAR-OLD LIBGCRYPT RNG BUG

New versions of Libgcrypt and Gnu Privacy Guard (GnuPG or GPG) released on Wednesday include security fixes for vulnerabilities discovered in the mixing functions of the Libgcrypt random number generator. The flaws were privately disclosed by Felix Dörre and Vladimir Klebanov of Karlsruhe Institute of Technology in Germany, and according to an advisory from the […]