Hello, a vulnerability in the S2K function of OpenPGP.js allows to produce a predictable session key without knowing the passphrase.
An attacker is able to create a private PGP key that will decrypt in OpenPGP.js regardless of the passphrase given. More critical: it is possible to forge a symmetrically encrypted PGP message (Symmetric-Key Encrypted Session Key Packets (Tag 3)) that will decrypt with any passphrase in OpenPGP.js. This can be an attack vector if successful decryption of such a message is used as an authentication mechanism. The bug is fixed with a strict check on unknown S2K types. Credits for finding the bug go to Gijs Hollestelle and thanks to Jonas Magazinius from Cure53 for reporting the problem. Please update to OpenPGP.js v1.3.0 Best, Thomas _______________________________________________ http://openpgpjs.org Subscribe/unsubscribe: http://list.openpgpjs.org
