{"id":3593,"date":"2018-06-19T11:46:47","date_gmt":"2018-06-19T11:46:47","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/"},"modified":"2018-06-19T11:46:47","modified_gmt":"2018-06-19T11:46:47","slug":"pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/","title":{"rendered":"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug"},"content":{"rendered":"<p>Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store.<\/p>\n<p>Brinkmann <a target=\"_blank\" href=\"http:\/\/seclists.org\/oss-sec\/2018\/q2\/192\">explained<\/a> that CVE-2018-12356 offers both access to passwords and possible remote code execution.<\/p>\n<p>This bug is an incomplete regex in GnuPG&#8217;s signature verification routine, meaning an attacker can spoof file signatures on configuration files and extension scripts (Brinkmann has dubbed the bug \u201cSigSpoof 3\u201d as the third signature spoofing bug he&#8217;s found).<\/p>\n<p>\u201cModifying the configuration file allows the attacker to inject additional encryption keys under their control, thereby disclosing passwords to the attacker. Modifying the extension scripts allows the attacker arbitrary code execution,\u201d Brinkmann wrote in the advisory.<\/p>\n<p>This looks like a relatively minor issue, but Brinkmann explained to <em>The Register<\/em> it could have far-reaching consequences.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2015\/11\/04\/fail_783953452.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Headdesk\"\/><\/p>\n<h2 title=\"Missing input sanitisation fixed after hacker spat\">GnuPG patched to thwart &#8216;fake filename&#8217;<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2018\/06\/12\/gnupg_patched_to_thwart_exploit\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>\u201cFirst, my primary concern the last three weeks has been and still is that there may be critical infrastructure in the free software community that does insufficient signature verification with GnuPG. I have made some progress notifying the community about this problem, but this is still an ongoing investigation, and there will be updates to SigSpoof [to take care of bugs like <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/06\/12\/gnupg_patched_to_thwart_exploit\/\">this one<\/a> \u2013 <em>El Reg<\/em>] soon.\u201d<\/p>\n<p>While Brinkmann has complained about GnuPG disclosure processes in the past, he declined to comment further, telling <em>The Register<\/em> his focus is on notifying the community and fixing the code.<\/p>\n<p>Explaining the bug at his <a target=\"_blank\" href=\"https:\/\/neopg.io\/blog\/pass-signature-spoof\/\">NeoPG blog<\/a>, Brinkmann wrote that it arose out of two weak design choices in GnuPG and Pass: \u201cPass matches the GnuPG status message <code>VALIDSIG<\/code> (indicating a valid signature and corresponding key details) at any position within a line in the output; [and] GnuPG emits the primary user ID of a signing key at the end of a <code>GOODSIG<\/code> status line, without escaping whitespace.\u201d<\/p>\n<p>(NeoPG is Brinkmann&#8217;s \u201copinionated fork\u201d of GnuPG 2, designed to \u201cclean up the code and make it easier to develop\u201d.)<\/p>\n<p>Independent security researcher Jason Donenfeld announced the fix for Pass <a target=\"_blank\" href=\"https:\/\/lists.zx2c4.com\/pipermail\/password-store\/2018-June\/003308.html\">here<\/a>, and the code is available <a target=\"_blank\" href=\"https:\/\/www.passwordstore.org\/\">here<\/a>.<\/p>\n<p>One of those contributing to GnuPG fixes is Mauritian developer Logan Velvindron, part of the Hackers.mu team whose <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2018\/03\/27\/with_tls_13_signed_off_its_implementation_time\/\">work on TLS 1.3<\/a> we&#8217;ve previously covered.<\/p>\n<p>Velvindron told us it&#8217;s hard to identify just how many downstream projects inherit a vulnerability like the one Brinkmann spotted, but the number of problem projects will likely be non-trivial because the GnuPG cryptographic suite has applications beyond e-mail protection.<\/p>\n<p>\u201cWe&#8217;re working with Marcus to push as many fixes as we can,\u201d he said, listing projects such as Bitcoin, Litecoin, and the Dash shell as examples.<\/p>\n<p>Brikmann&#8217;s new bug is the third found in GnuPG in the last few weeks, so <em>The Register<\/em> asked Velvindron why such a cluster of bugs has been detected within such a short space of time.<\/p>\n<p>Velvindron suggested \u201cIt&#8217;s because everybody has been parsing GPG the same way, not thinking about questions like &#8216;What are the issues with verbose output?&#8217;, and &#8216;What if this string is somewhere else?&#8217;\u201d<\/p>\n<p>As well as Logan, Hackers.mu participants in the GnuPG work include Codarren Velvindron, Nitin Mutkawoa, Rahul Golam, Muzaffar Auhammud, Kifah Meeran and Nigel Yong. \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1759\/shttp:\/\/www.mcubed.london\/\">Minds Mastering Machines &#8211; Call for papers now open<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/06\/19\/gnupg_popped_again_in_pass\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Brinkmann files third signature spoof vulnerability in a month Security researcher Marcus Brinkmann has turned up another vulnerability in the GnuPG cryptographic library, this time specific to the Simple Password Store.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":3594,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-3593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-19T11:46:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug\",\"datePublished\":\"2018-06-19T11:46:47+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/\"},\"wordCount\":551,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/\",\"name\":\"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg\",\"datePublished\":\"2018-06-19T11:46:47+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/06\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/","og_locale":"en_US","og_type":"article","og_title":"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-06-19T11:46:47+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug","datePublished":"2018-06-19T11:46:47+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/"},"wordCount":551,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/","url":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/","name":"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg","datePublished":"2018-06-19T11:46:47+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/06\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/pass-gets-a-fail-simple-password-store-suffers-gnupg-spoofing-bug\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Pass gets a fail: Simple Password Store suffers GnuPG spoofing bug"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/3593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=3593"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/3593\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/3594"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=3593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=3593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=3593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}