Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Oct 2015 20:21:54 +0200
From: Gijs Hollestelle <>
Subject: CVE Request: Openpgp.js Critical vulnerability in S2K


A vulnerability in the S2K function of OpenPGP.js allows to produce a
predictable session key without knowing the passphrase.

An attacker is able to create a private PGP key that will decrypt in
OpenPGP.js regardless of the passphrase given.

Also using this flaw it is possible to forge a symmetrically encrypted PGP
message (Symmetric-Key Encrypted Session Key Packets (Tag 3)) that
will decrypt with any passphrase in OpenPGP.js. This can be an attack
vector if successful decryption of such a message is used as an
authentication mechanism.

The bug is fixed with a strict check on unknown S2K types.


Fixed by:

Fixen in:
OpenPGP.js v1.3.0

Could a CVE please be assigned to this issue?


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.