CVE-2002-2069

HIGH

PGP <7.x - Info Disclosure

Title source: llm

Description

PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

References (5)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/3912

[Broken Link, Vendor Advisory] http://www.seifried.org/security/advisories/kssa-003.html

[Broken Link] http://www.iss.net/security_center/static/7953.php

[Broken Link, Vendor Advisory] http://www.ciac.org/ciac/bulletins/m-034.shtml

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/251565

Scores

CVSS v3 7.5

EPSS 0.0070

EPSS Percentile 72.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-459

Status published

Products (1)

pgp/personal_privacy 6.0.2 - 6.5.8

Published Dec 31, 2002

Tracked Since Feb 18, 2026