SigSpoof

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Zazpot at 19:34, 9 September 2018 (Word order). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

SigSpoof is a family of vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG"). Some other software packages that make use of GnuPG were also affected, such as Pass.[1]

In unpatched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed, under certain circumstances. This potentially enables a wide range of subsidiary attacks to succeed.[2][3][1][4][5]

References

  1. "Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug".
  2. heise Security. "Enigmail und GPG Suite: Neue Mail-Plugin-Versionen schließen GnuPG-Lücke".
  3. "SigSpoof: Signaturen fälschen mit GnuPG - Golem.de".
  4. "Decades-old PGP bug allowed hackers to spoof just about anyone's signature".
  5. "20 Jahre alter Fehler entdeckt: PGP-Signaturen ließen sich einfach fälschen - derStandard.at". DER STANDARD.