{"api_version":"1","generated_at":"2026-04-23T22:33:04+00:00","cve":"CVE-2002-2069","urls":{"html":"https://cve.report/CVE-2002-2069","api":"https://cve.report/api/cve/CVE-2002-2069.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2002-2069","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2002-2069"},"summary":{"title":"CVE-2002-2069","description":"PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.","state":"PUBLISHED","assigner":"mitre","published_at":"2002-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-459","n/a"],"metrics":[{"version":"3.1","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.seifried.org/security/advisories/kssa-003.html","name":"http://www.seifried.org/security/advisories/kssa-003.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"Kurt Seifried - Security / Security Advisories / KSSA-003 NTFS Alternate data streams","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.iss.net/security_center/static/7953.php","name":"http://www.iss.net/security_center/static/7953.php","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"],"title":"ISS X-Force Database: ntfs-ads-file-wipe (7953): NTFS file-wiping utilities do not properly clean data in Alternate Data Streams","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/3912","name":"http://www.securityfocus.com/bid/3912","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"Multiple Vendor NTFS File Wipe Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/251565","name":"http://www.securityfocus.com/archive/1/251565","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Third Party Advisory","VDB Entry"],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.ciac.org/ciac/bulletins/m-034.shtml","name":"http://www.ciac.org/ciac/bulletins/m-034.shtml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link","Vendor Advisory"],"title":"M-034: Window File Wiping Utilities Miss Alternate Data Streams","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2002-2069","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2002-2069","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2002","cve_id":"2069","vulnerable":"1","versionEndIncluding":"6.5.8","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pgp","cpe5":"personal_privacy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2002","cve_id":"2069","vulnerable":"1","versionEndIncluding":"7.1.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"pgp","cpe5":"personal_privacy","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T03:51:17.500Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"3912","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/3912"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.seifried.org/security/advisories/kssa-003.html"},{"name":"ntfs-ads-file-wipe(7953)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"http://www.iss.net/security_center/static/7953.php"},{"name":"M-034","tags":["third-party-advisory","government-resource","x_refsource_CIAC","x_transferred"],"url":"http://www.ciac.org/ciac/bulletins/m-034.shtml"},{"name":"20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/251565"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2005-07-14T04:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"3912","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/3912"},{"tags":["x_refsource_MISC"],"url":"http://www.seifried.org/security/advisories/kssa-003.html"},{"name":"ntfs-ads-file-wipe(7953)","tags":["vdb-entry","x_refsource_XF"],"url":"http://www.iss.net/security_center/static/7953.php"},{"name":"M-034","tags":["third-party-advisory","government-resource","x_refsource_CIAC"],"url":"http://www.ciac.org/ciac/bulletins/m-034.shtml"},{"name":"20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/251565"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2002-2069","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"3912","refsource":"BID","url":"http://www.securityfocus.com/bid/3912"},{"name":"http://www.seifried.org/security/advisories/kssa-003.html","refsource":"MISC","url":"http://www.seifried.org/security/advisories/kssa-003.html"},{"name":"ntfs-ads-file-wipe(7953)","refsource":"XF","url":"http://www.iss.net/security_center/static/7953.php"},{"name":"M-034","refsource":"CIAC","url":"http://www.ciac.org/ciac/bulletins/m-034.shtml"},{"name":"20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/251565"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2002-2069","datePublished":"2005-07-14T04:00:00.000Z","dateReserved":"2005-07-14T00:00:00.000Z","dateUpdated":"2024-09-16T20:12:17.626Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2002-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-459","n/a"],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pgp:personal_privacy:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.2","versionEndIncluding":"6.5.8","matchCriteriaId":"D3A0768F-FE39-4513-8E92-5C8C3A8262B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:pgp:personal_privacy:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0","versionEndIncluding":"7.1.1","matchCriteriaId":"8CF5F157-D19E-4C40-9F32-B21B81113230"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2002","CveId":"2069","Ordinal":"1","Title":"CVE-2002-2069","CVE":"CVE-2002-2069","Year":"2002"},"notes":[{"CveYear":"2002","CveId":"2069","Ordinal":"1","NoteData":"PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.","Type":"Description","Title":"CVE-2002-2069"},{"CveYear":"2002","CveId":"2069","Ordinal":"2","NoteData":"2005-07-14","Type":"Other","Title":"Published"}]}}}