cvedb.io
CVE-2015-8013
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2017-07-25T18:29:00.993 · Last modified 2026-06-17T00:33:52.443

Summary

s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.

Affected products

openpgpjs — openpgpjs

Does this affect you?

Add your gear to cvedb and we'll alert you only when openpgpjs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.