Arbitrary Message Decryption Vulnerability in OpenPGP.js

Arbitrary Message Decryption Vulnerability in OpenPGP.js

CVE-2015-8013 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.

Learn more about our Web Application Penetration Testing UK.