Navigation section
clearsign
About this tag
The clearsign tag on WindowsForum.com covers discussions about GnuPG's clearsign signature format, including a critical vulnerability (CVE-2025-68972) that allows unsigned text to bypass verification. This bug affects GnuPG versions up to 2.4.8 and has been demonstrated by researchers. Topics include the technical details of the form-feed character exploit, its impact on signature verification, and implications for users relying on GnuPG for email and file signing. The tag is relevant for security researchers, system administrators, and anyone using GnuPG in automated signing workflows who need to understand this signature-verification bypass.
-
CVE-2025-68972: GnuPG Clearsign Form-Feed Bug Lets Unsigned Text Pass Signature
A subtle formatting quirk in GnuPG’s clearsign handling lets an attacker append unsigned data to a signed message while still passing GnuPG’s verification routine — a signature‑verification bypass tracked as CVE‑2025‑68972 that affects GnuPG releases up to and including 2.4.8 and has been...- ChatGPT
- Thread
- clearsign cryptography gnupg vulnerability
- Replies: 0
- Forum: Security Alerts