Securekit Steganography / Camouflage protection bypass updated since 09.01.2007
Published:		11.01.2007
Source:		BUGTRAQ
SecurityVulns ID:		7019
Type:		m-i-t-m
Level:		5/10
Description:		File with hidden information has strong signature, password protection is implemented in interface only.

Affected:		SECUREKIT : Steganography 1.8
		SECUREKIT : Steganography 1.7
		TWISTEDPEAR : Camouflage 1.2
CVE:		CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.)
		CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.)

Original document		thesinoda_(at)_hotmail.com, A Major design Bug in Camouflage 1.2.1 (latest) (11.01.2007)
		thesinoda_(at)_hotmail.com, A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) (11.01.2007)
		thesinoda_(at)_hotmail.com, Cracking Steganography Application in less than ONE minute (09.01.2007)

Discuss:

Read or add your comments to this news (0 comments)