SigSpoof

The SigSpoof is a topic that has captured people's attention over the years. With its impact on society and culture, this topic has generated constant debate and has left a mark on history. From its origin to current trends, SigSpoof has evolved and maintained its relevance in different contexts. In this article we will explore the various facets and perspectives related to SigSpoof, examining its influence in different areas and its role in everyday life.

SigSpoof
CVE identifier(s)CVE-2018-12020
Date discoveredJune 2018 (2018-06)
DiscovererMarcus Brinkmann
Affected softwareGNU Privacy Guard (GnuPG) from v0.2.2 to v2.2.8.

SigSpoof (CVE-2018-12020) is a family of security vulnerabilities that affected the software package GNU Privacy Guard ("GnuPG") since version 0.2.2, that was released in 1998. Several other software packages that make use of GnuPG were also affected, such as Pass and Enigmail.

In un-patched versions of affected software, SigSpoof attacks allow cryptographic signatures to be convincingly spoofed, under certain circumstances. This potentially enables a wide range of subsidiary attacks to succeed.

References

  1. ^ a b c d Goodin, Dan (2018-06-14). "Decades-old PGP bug allowed hackers to spoof just about anyone's signature". Ars Technica. Retrieved 2018-10-08.
  2. ^ a b c Chirgwin, Richard (2018-06-19). "Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug". The Register. Retrieved 2018-10-08.
  3. ^ a b Böck, Hanno (2018-06-13). "SigSpoof: Signaturen fälschen mit GnuPG". Golem.de. Retrieved 2018-10-08.
  4. ^ a b von Westernhagen, Olivia (2018-06-14). "Enigmail und GPG Suite: Neue Mail-Plugin-Versionen schließen GnuPG-Lücke". Heise Security. Retrieved 2018-10-08.
  5. ^ a b "20 Jahre alter Fehler entdeckt: PGP-Signaturen ließen sich einfach fälschen - derStandard.at". Der Standard. 2018-06-18. Retrieved 2018-10-08.


Stub icon

This computer security article is a stub. You can help Wikipedia by expanding it.

Wikious
Boobota
Sagapedia