[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060422162516.22292.qmail@securityfocus.com>
Date: 22 Apr 2006 16:25:16 -0000
From: ntwak0@...ehack.com
To: bugtraq@...urityfocus.com
Subject: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
##############################################################################
##############################################################################
################# ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ################
##############################################################################
##############################################################################
### Affected : iOpus Secure Email Attachments ###
### Link : http://www.iopus.com/freeware/secure%2Demail/ ###
### Type : File Encryption Tool ###
### Problem : Passphrase guessing, Passphrase Issue ###
### Date : 2006-04-22 ###
### Author : NtWaK0, Noph0bia @ www.SafeHack.com ###
##############################################################################
### From iopus web site "iOpus SEA protects your data not only on its way ###
### across the internet, but also on the recipient's PC." THIS IS ONLY ###
### TRUE IF YOU DID NOT PICK SOME TYPE OF PASSWORDS. ###
### ###
### I have found a problem with the way iOpus handle the user password. ###
### The problem can EXPOSE your Protected encrypted file if you did not ###
### pay attention when you pick your password. ###
### ###
### Here is some examples ###
### ///////////////////// ###
### 1- Create a text file with one word inside "hello" ###
### 2- Encrypt your text.txt file using iOpus. The out put is text.exe ###
### 3- Pick AAAAAAAAAAAAAAAAAAA as password ###
### 4- Encrypt the file ###
### 5- Double click text.exe to open it, you should see Enter Password ###
### 6- Now you think you need to enter AAAAAAAAAAAAAAAAAAA right ? WRONG ###
### Just enter A or AA and you will have access to your so called ###
### protected file(s). ###
### 7- You can try with ABCABCABCABCABC as password. To access the file ###
### you guessed it you DO NOT NEED To enter ALL your password :-) you ###
### can just enter ABC and you will have access to your protected data ###
### 8- Let us see if you can find what you need to enter if you have a ###
### password like this "ABCDEFGABCDEFGABCDEFG". I hope you got it ###
### You need to enter ABCDEFG. ###
##############################################################################
### To read why we have so many problem in information security check ###
### http://www.safehack.com/Textware/badsecurity.txt ###
##############################################################################
##############################################################################
Powered by blists - more mailing lists