GnuPG Key Validation Issues Affecting Multiple User IDs
CVE-2003-0255

Currently unrated

Key Information:

Vendor
Gnu
Vendor
CVE Published:
27 May 2003

Summary

The GnuPG key validation mechanism prior to version 1.2.2 is flawed in that it incorrectly assesses the validity of keys associated with multiple user IDs. Instead of analyzing each user ID's trust individually, it defaults to the highest validity level among them. Consequently, this can mislead users during encryption, as they might not receive appropriate warnings when a user ID lacks a trusted path. This oversight could potentially expose sensitive information to unauthorized entities.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.