VULHUB ™

There is a serious problem in the handling of certificates when encrypting with PGP versions 5.5.x through 6.5.3. The vulnerability lies within PGP's handling of Additional Decryption Keys (ADK) allowing a malicious user to insert an additional public key into the unsigned part of the user's public key-certificate. The malicious user may then be able to recover the plaintext of any encrypted text sent to the victim using the altered certificate.

There is a serious problem in the handling of certificates when encrypting with PGP versions 5.5.x through 6.5.3. The vulnerability lies within PGP's handling of Additional Decryption Keys (ADK) allowing a malicious user to insert an additional public key into the unsigned part of the user's public key-certificate. The malicious user may then be able to recover the plaintext of any encrypted text sent to the victim using the altered certificate.