CVE Catalog

CVE-2000-0445

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile — higher than 33% of all known CVEs

Summary

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

Risk Assessment

Predictable keys could be exploited by attackers to break encryption, posing a serious threat to the organization's data security.

Recommendation

It is recommended to upgrade to a newer version of PGP that improves key generation to ensure an adequate level of randomness.

Original NVD description (English source)

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS