VDB
GCVE-110-CERTCC-2000-747124
GCVE-110-CERTCC-2000-747124
Advisory Published
Additional Decryption Keys (ADKs) is a feature introduced into PGP (Pretty Good Privacy) versions 5.5.x through 6.5.3 that allows authorized extra decryption keys to be added to a user's public key certificate. However, an implementation flaw in PGP allows unsigned ADKs which have been maliciously added to a certificate to be used for encryption. Data encrypted with PGP 5.5.x through 6.5.3 using a modified certificate will generate ciphertext encrypted with the ADK subject to the conditions list in the impact section. The attacker who modified the certificate can obtain the plaintext from this ciphertext. PGP does not correctly detect this form of certificate modification because it fails to check if the ADK is stored in the signed (hashed) portion of the public certificate. As a result, normal methods for evaluating the legitimacy of a public certificate (fingerprint verification) are not sufficient for users of vulnerable versions of PGP.
Risk Scores
certcc-cam
certcc-cam
impact8population17exploitation0widely_known20score_current3.978ease_of_exploitation4
Aliases
References
ADK flaw in recent versions of PGP
advisory
ADK flaw in recent versions of PGP
advisory
ADK flaw in recent versions of PGP
advisory
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.