CVE Vulnerabilities

CVE-2005-0366

Inadequate Encryption Strength

Published: May 02, 2005 | Modified: Dec 10, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.

Weakness

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name Vendor Start Version End Version
Gnupg Gnupg * *
Gnupg Ubuntu dapper *
Gnupg Ubuntu devel *
Gnupg Ubuntu edgy *
Gnupg Ubuntu feisty *

Potential Mitigations

References