1. Home
  2. Forums Index
  3. WebmasterWorld / Website Security for Webmasters 1:22 am May 21, 2026

Forum Moderators: open

Message Too Old, No Replies

Very Old PGP Bug, SigSpoof, Fixed

         

engine

10:01 am on Jun 18, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



A decades old flaw in PGP has finally been fixed in in GnuPG version 2.2.8, Enigmail 2.0.7, GPGTools 2018.3, and python GnuPG 0.4.3.

For their entire existence, some of the world's most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs. Very Old PGP Bug, SigSpoof, Fixed [arstechnica.com]

keyplyr

1:31 am on Jun 19, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Do they have to change the name now from PGP (Pretty Good Privacy) to NVGP (Not Very Good Privacy)?

tangor

4:11 am on Jun 19, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Or the "we started it but others are doing it better these days".... ?

What is fun is that a decades old flaw still managed to flummox bad actors... else we'd have heard about it ere now.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / Website Security for Webmasters 1:22 am May 21, 2026