Security Flaw in GnuPG Affects Key Management
CVE-2001-0072
Currently unrated
Summary
A security issue in GnuPG versions prior to 1.0.4 allows the software to import both public and private keys from public key servers without alerting users. This lack of notification regarding private keys poses a threat to the integrity of the web of trust, potentially allowing attackers to misuse trust relationships. Users relying on GnuPG for secure communications should be aware of this vulnerability and take necessary precautions against the risks associated with unverified key imports.
References
Timeline
Vulnerability published
Vulnerability Reserved