High severity7.5NVD Advisory· Published Jul 25, 2017· Updated Jun 17, 2026
CVE-2015-8013
CVE-2015-8013
Description
s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
openpgpnpm | < 1.3.0 | 1.3.0 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/openpgpjs/openpgpjs/commit/668a9bbe7033f3f475576209305eb57a54306d29nvdPatchThird Party AdvisoryWEB
- www.securityfocus.com/bid/77088nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-qmvq-f3fj-m3wgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-8013ghsaADVISORY
- www.openwall.com/lists/oss-security/2015/10/30/5nvdMailing ListWEB
News mentions
0No linked articles in our index yet.