Session Management Flaw in Symantec PGP Universal Server
CVE-2012-3582

Currently unrated

Key Information:

Vendor: Symantec
Status: Pgp Universal Server
Vendor: CVE Published:; 4 September 2012

What is CVE-2012-3582?

The Symantec PGP Universal Server 3.2.x versions prior to 3.2.1 MP2 exhibit inadequate session management during key search requests. This oversight allows remote attackers the potential to access private keys if a request is made towards the end of an active user session. It underscores the critical importance of robust session handling mechanisms to safeguard sensitive cryptographic information.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/55246

vdb-entryx_refsource_BID

http://www.securitytracker.com/id?1027467

vdb-entryx_refsource_SECTRACK

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2012
Vulnerability Reserved
Jun 19, 2012