Saturday, January 18, 2025
HomeData BreachAdobe Most Secured Private PGP Key Leaked Online

Adobe Most Secured Private PGP Key Leaked Online

Published on

SIEM as a Service

Follow Us on Google News

Adobe suffered a lot on Friday when its Private PGP keys were inadvertently published on its Product Incident Security Response Team(Blog).

A pair of Public and Private keys were published together, Keys could either decrypt messages sent to Adobe Product Incident Security Response Team(PSIRT).

Researcher Juho Nurminen who works for Finnish security company 2NS (Second Nature Security) as a pen-tester said risk posed by this leak could be stealing private messages or Phishing attack is possible.

Also Read Verizon Wireless Confidential Data Leaked Accidentally by Its Employee

The private key encrypted using a passphrase.Without knowing the passphrase, private Key is worthless.If the passphrase is weak, it can be brute-forced said researcher Juho Nurminen.

Since Adobe PSIRT don’t have direct contact with customers, therefore phishing on a wide scale is not a concern.

If Successfully decrypt the private key is not worth.Nurminen said “Decryption only comes into play if you’re able to intercept some encrypted messages first, which would be fairly difficult in general, and in this case, very unlikely to have ever happened.

If Successfully decrypt the private key is not worth.Nurminen said “Decryption only comes into play if you’re able to intercept some encrypted messages first, which would be fairly difficult in general, and in this case, very unlikely to have ever happened.

Nurminen said “Decryption only comes into play if you’re able to intercept some encrypted messages first, which would be fairly difficult in general, and in this case, very unlikely to have ever happened.

Threatpost said, A Report sent to Adobe on Saturday for comment but not returned in time for publication.Hours later Nurminen’s private disclosure, Then after Adobe took down the post and generated a new private Key.

Once the key had been taken down, Nurminen tweeted screenshots showing the public and private key as well as a third screenshot showing that the key had been created Sept. 18, four days before the researcher stumbled upon it.

Adobe key Leaked
Adobe key Leaked
Adobe key Leaked

Asymmetric cryptography uses a public-private key pair to decrypt messages. Public keys are generally generated by the owner in order to simplify secure communication between two endpoints. Only Adobe knows how the private key was published in a public forum.

Actual consequences in terms of data loss etc. are likely zero,” Nurminen said he found an issue in an Adobe product during a software audit he conducted for his client.“The PSIRT email address was listed on the Adobe website as it should be, along with a link to the blog page containing the PGP keys,” Nurminen said. “The page was obviously supposed to contain only the public key, but instead it contained both the public and the private key.”

Nurminen sent a Twitter direct message to Adobe, Adobe responded that the issue would be forwarded to the appropriate security Team.After some time Nurminen reported the issue to Adobe PSIRT through its HackerOne program.

Finally, Nurminen said. “They closed the [HackerOne] ticket as fixed. I only tweeted out the screenshots once I knew the key was no longer in use. I haven’t heard anything more from Adobe after they closed the [HackerOne] ticket.”

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to...

Furry Hacker Breaches Scholastic – Exposes Data of 8 Million People

The education and publishing giant Scholastic has fallen victim to a significant data breach...

PowerSchool Hacked – Attackers Accessed Personal Data of Students and Teachers

Walker County Schools has reported that unauthorized access to personal data belonging to students...