GnuPG Key Validation Issues Affecting Multiple User IDs
CVE-2003-0255
Currently unrated
Summary
The GnuPG key validation mechanism prior to version 1.2.2 is flawed in that it incorrectly assesses the validity of keys associated with multiple user IDs. Instead of analyzing each user ID's trust individually, it defaults to the highest validity level among them. Consequently, this can mislead users during encryption, as they might not receive appropriate warnings when a user ID lacks a trusted path. This oversight could potentially expose sensitive information to unauthorized entities.
References
Timeline
Vulnerability published
Vulnerability Reserved