Symantec PGP Universal Server Private Key Information Disclosure Vulnerability

Summary

This allow remote attackers to read a private key in opportunistic circumstances by making a request near the end of a user’s session.

Credit:

The original article can be found at: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3582


Details

Vulnerable Systems:
 * Symantec Pgp Universal Server 3.2.0 and prior

Symantec PGP Universal Server does not properly manage sessions that include key search requests.

Patch Availability:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120830_00

CVE Information:
CVE-2012-3582

Disclosure Timeline:
Publish Date : 2012-09-13
Last Update Date : 2012-09-21

Categories: News