lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060422162516.22292.qmail@securityfocus.com>
Date: 22 Apr 2006 16:25:16 -0000
From: ntwak0@...ehack.com
To: bugtraq@...urityfocus.com
Subject: ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS


##############################################################################
##############################################################################
################# ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ################
##############################################################################
##############################################################################
### Affected    : iOpus Secure Email Attachments                           ###
### Link        : http://www.iopus.com/freeware/secure%2Demail/            ###
### Type        : File Encryption Tool                                     ###
### Problem     : Passphrase guessing, Passphrase Issue                    ###
### Date        : 2006-04-22                                               ###
### Author      : NtWaK0, Noph0bia @ www.SafeHack.com                      ###
##############################################################################
### From iopus web site "iOpus SEA protects your data not only on its way  ###
### across the internet, but also on the recipient's PC." THIS IS ONLY     ###
### TRUE IF YOU DID NOT PICK SOME TYPE OF PASSWORDS.                       ###
###                                                                        ###
### I have found a problem with the way iOpus handle the user password.    ###
### The problem can EXPOSE your Protected encrypted file if you did not    ###
### pay attention when you pick your password.                             ###
###                                                                        ###
### Here is some examples                                                  ###
### /////////////////////                                                  ###
### 1- Create a text file with one word inside "hello"                     ###
### 2- Encrypt your text.txt file using iOpus. The out put is text.exe     ###
### 3- Pick AAAAAAAAAAAAAAAAAAA as password                                ###
### 4- Encrypt the file                                                    ###
### 5- Double click text.exe to open it, you should see Enter Password     ###
### 6- Now you think you need to enter AAAAAAAAAAAAAAAAAAA right ? WRONG   ###
###    Just enter A or AA and you will have access to your so called       ###
###    protected file(s).                                                  ###
### 7- You can try with ABCABCABCABCABC as password. To access the file    ###
###    you guessed it you DO NOT NEED To enter ALL your password :-) you   ###
###    can just enter ABC and you will have access to your protected data  ###
### 8- Let us see if you can find what you need to enter if you have a     ###
###    password like this "ABCDEFGABCDEFGABCDEFG". I hope you got it       ###
###    You need to enter ABCDEFG.                                          ###
##############################################################################
### To read why we have so many problem in information security check      ###
### http://www.safehack.com/Textware/badsecurity.txt                       ###
##############################################################################
##############################################################################


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ