Monday, 16 July 2018

Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug

Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store. Brinkmann explained that CVE-2018-12356 offers both access to passwords and possible remote code execution. The bug is an incomplete regex in GnuPG’s signature verification routine, which means an attacker can spoof file signatures on configuration files and extension scripts. Brinkmann has dubbed the bug “SigSpoof 3”, as it is the third signature spoofing bug he has found.


ORIGINAL SOURCE: The Register

About Japonica Jackson

Japonica is head of editorial at IT Security Guru. If you'd like to get in touch with Japonica, please email editor@itsecurityguru.org.