0.002 Low
EPSS
Percentile
65.1%
OpenPGP is vulnerable to authentication bypass. s2k.js will decrypt messages regardless of the passphrase given. If message decryption is used as an authentication mechanism, attackers can use this flaw to bypass the authentication.
seclists.org/oss-sec/2015/q4/77