#Tag · Kakapo Social

Discussion

Loading...

#Tag

About
Code of conduct
Privacy
Users
Instances
About Bonfire

chaos.social boosted

@neverpanic@chaos.social · activity timestamp 2 days ago

Ouch:

"I stumbled upon a bug in RNP that has been introduced when refactoring. Namely, session keys generated for PKESK are not randomized but always zero."

#RNP is #Thunderbird's implementation of #OpenPGP. This is CVE-2025-13402, best link I found so far is https://bugzilla.redhat.com/show_bug.cgi?id=2415863.

2415863 – (CVE-2025-13402) CVE-2025-13402 github.com/rnpgp/rnp: RNP PKESK Session Keys Generated as All‑Zero

Copy link
Flag this post

Block

@neverpanic@chaos.social · activity timestamp 2 days ago

Ouch:

"I stumbled upon a bug in RNP that has been introduced when refactoring. Namely, session keys generated for PKESK are not randomized but always zero."

#RNP is #Thunderbird's implementation of #OpenPGP. This is CVE-2025-13402, best link I found so far is https://bugzilla.redhat.com/show_bug.cgi?id=2415863.

2415863 – (CVE-2025-13402) CVE-2025-13402 github.com/rnpgp/rnp: RNP PKESK Session Keys Generated as All‑Zero

Copy link
Flag this post

Block

Log in

Kakapo Social

Kakapo Social: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0 no JS en

Automatic federation enabled

Explore
About
Members
Code of Conduct