 | This articlemay be too technical for most readers to understand. Pleasehelp improve it tomake it understandable to non-experts, without removing the technical details.(September 2018) (Learn how and when to remove this message) |
| CVE identifier(s) | CVE-2018-12020 |
|---|---|
| Date discovered | June 2018; 6 years ago (2018-06) |
| Discoverer | Marcus Brinkmann |
| Affected software | GNU Privacy Guard (GnuPG) from v0.2.2 to v2.2.8. |
SigSpoof (CVE-2018-12020) is a family ofsecurity vulnerabilities that affected the software packageGNU Privacy Guard ("GnuPG") since version 0.2.2, that was released in 1998.[1] Several other software packages that make use of GnuPG were also affected, such asPass andEnigmail.[2][1]
In un-patched versions of affected software, SigSpoof attacks allowcryptographic signatures to be convincinglyspoofed, under certain circumstances.[1][3][4][2][5] This potentially enables a wide range of subsidiary attacks to succeed.[1][3][4][2][5]
 | Thiscomputer security article is astub. You can help Wikipedia byexpanding it. |