Updated cure53 Security Audit 2015 (markdown)
parent
d2dc3549d7
commit
ec7aa04984
|
@ -1,5 +1,6 @@
|
|||
Audit can be downloaded at https://cure53.de/pentest-report_openkeychain.pdf
|
||||
|
||||
All identified vulnerabilities has been discussed with cure53 and fixed in OpenKeychain 3.6. Only OKC-01-006 has not been fixed because it is not in our threat model. We will work on two Miscellaneous Issues (not vulnerabilities!) for a future version of OpenKeychain.
|
||||
|
||||
## Identified Vulnerabilities
|
||||
### OKC-01-001 Private Keys can be imported from Keyserver (Medium)
|
||||
|
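Review bot: The summary paragraph states that only OKC-01-006 was left unfixed "because it is not in our threat model", but it does not say what that finding is or which threat-model assumption excludes it, so a reader cannot judge the residual risk without opening the PDF. Add the finding's title and one sentence of reasoning, and name the two Miscellaneous Issues by their IDs so they can be tracked to the future version. In the same paragraph, "vulnerabilities has been discussed" should read "have been discussed".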
@ -33,6 +34,8 @@ https://github.com/open-keychain/open-keychain/commit/57a04cb8a14a4777a3d77a9295
|
|||
|
||||
### OKC-01-011 Unconfirmed Main Identities are shown as confirmed (Low)
|
||||
Confirmed identities (if they exist) are now prioritized over non-confirmed ones.
|
||||
|
||||
FIXED IN
|
||||
* https://github.com/open-keychain/open-keychain/commit/486117d9de8618c1ecfb2a592c781fc43f1cc886
|
||||
|
||||
### OKC-01-012 Database Extraction possible via Version Downgrade (Medium)
|
||||
|
|
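Review bot: In the OKC-01-011 entry, "Confirmed identities (if they exist) are now prioritized over non-confirmed ones" leaves the case with no confirmed identity unstated. Since the finding's title is about unconfirmed main identities being shown as confirmed, the entry should say how an unconfirmed main identity is displayed when no confirmed one exists. The OKC-01-012 heading that closes the hunk carries no description or FIXED IN link in the visible lines; if the heading is added by this change, give it the same description and commit reference that the OKC-01-011 entry has.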