Computer Security
[EN] securityvulns.ru no-pyccku


Securekit Steganography / Camouflage protection bypass
updated since 09.01.2007
Published:11.01.2007
Source:
SecurityVulns ID:7019
Type:m-i-t-m
Threat Level:
5/10
Description:File with hidden information has strong signature, password protection is implemented in interface only.
Affected:SECUREKIT : Steganography 1.8
 SECUREKIT : Steganography 1.7
 TWISTEDPEAR : Camouflage 1.2
CVE:CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.)
 CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.)
Original documentdocumentthesinoda_(at)_hotmail.com, A Major design Bug in Camouflage 1.2.1 (latest) (11.01.2007)
 documentthesinoda_(at)_hotmail.com, A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) (11.01.2007)
 documentthesinoda_(at)_hotmail.com, Cracking Steganography Application in less than ONE minute (09.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod