GHSA-QMVQ-F3FJ-M3WG OpenPGP 1.2.0 and earlier decrypts arbitrary messages

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

Authentication flaw

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

CVE-2015-8013

CVE-2015-8013 concerns s2k.js in OpenPGP.js, where crafted PGP keys can be decrypted regardless of the provided passphrase, enabling an attacker to bypass authentication if message decryption is used as an authentication mechanism. The concrete technical detail across the connected documents iden...

CVE-2015-8013

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message...

Openpgp.js 's2k.js' Security Bypass Vulnerability

Openpgp.js is a library that implements the OpenPGP encryption algorithm in JavaScript. A security bypass vulnerability exists in Openpgp.js, which allows remote attackers to exploit the vulnerability to obtain sensitive information and perform unauthorized operations...