Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
KGPG Key生成空密码字段漏洞
Vulnerability Description
KGPG是一款免费开放源代码KDE端GPG程序。 KPGP在生成密码字段时存在问题,本地攻击者可以利用这个漏洞访问某些使用KGPG加密的文件内容,造成敏感信息泄露。 KPGP在以"Wizard"方式生成密钥时,所有的密钥会包含空的密码字段。如果攻击者可以访问电脑就可以读取用户的Secret Key,在不需要密码字段的情况下解密你的文件。 不过以console/expert方式生成的密钥不受此漏洞影响。 <*链接:http://devel-home.kde.org/~kgpg/bug.html *>
CVSS Information
N/A
Vulnerability Type
N/A