You are on the Cert-IST public site
In brief: SigSpoof vulnerabilities in GnuPG

Date :June 07, 2018

Publication: Article

The author of NeoPG (a recent fork of GnuPG) published in June a series of 3 vulnerabilities affecting GnuPG (and related tools) that he named SigSpoof 1, 2 and 3. After the "Efail" vulnerability in OpenPGP and S/MIME, for which we released the CERT-IST/AL-2018.009 yellow alert in May, this new set of vulnerabilities of course immediately caught our attention.

GnuPG has two main features: encryption and signature. Efail was about encryption. SigSpoof is this time about signature. SigSpoof is less serious than Efail, and patches have been published to completely solve these issues.

Here is a short overview of these vulnerabilities. A detailed description is available on the NeoPG website: SigSpoof 1, SigSpoof 2 and SigSPoof 3.


SigSpoof 1 (CVE-2018-12020): When running in "verbose" mode, in addition to the regular message stating that the signature of the file is correct, GnuPG also displays other information and in particular the original name of the file when the signature was generated. This name is chosen by the attacker who can therefore use a name that look like a "correct signature" message in such a way to fool a user, but also plugins such as Enigmail (for Thunderbird) or GPGTools (for Mac OS/X)

GnuPG 2.2.8 fixes this vulnerability (see CERT-IST/AV-2018.0623) as well as GPGTools 2018.3 and Enigmail 2.0.7 (these two latter products are not in the Cert-IST products catalog).


SigSpoof 2 (CVE-2018-12019): This vulnerability affects Enigmail (versions before 2.0.7). This vulnerability has several facets but the most important one is that Enigmail does not properly handle multiple signatures (e.g. when two authors sign the message). It is therefore possible to insert a fake signature, in addition to the valid signature of the attacker- in such a way that Enigmail shows only the fake signature and states it is authentic (confusion attack).


SigSpoof 3 (CVE-2018-12356): This vulnerability affects a tool named "Simple Password Store" (, which is a password vault for Unix (and Linux) relying on GnuPG. Due to a mistake in the regular expression used to analyze the result of the GnuPG commands launched by this tool, it is possible to take complete control of the tool: modifying configuration files, stealing passwords and even executing arbitrary commands. This vulnerability has been fixed in version 1.7.2.