JpegX 2.0.0.3 Password Bypass Vulnerability

From: JeiAr (jeiar@kmfms.com)
Date: 04/05/03

Next message: Immunix Security Team: "Immunix Secured OS 7+ cvs update"

Previous message: Marc Schoenefeld: "Java Agent freezes Lotus Notes and Domino 6.0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 5 Apr 2003 21:16:30 -0000
From: JeiAr <jeiar@kmfms.com>
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

JpegX 2.0.0.3 Password Bypass Vulnerability
--------------------------------------------------
Written by Lawrence Kom
09/30/01
http://www.nerdlogic.org/jpegx
larry@nerdlogic.org
aim: kloned

Modified the encryption format to avoid guillermito's program.
http://www.pipo.com/guillermito/jpegx/index.html

Still has all previous features
Can read version 1 & version 2 files.
Can clean files & overwrite jpegx messages in files.
Will automaticly overwrite with the new encryption format.

Now includes a wizard to make it easier to read/write jpeg files.
Got input? check out the new homepage.

http://nerdlogic.org/jpegx

Problem
--------------------------------------------------
Nothin complex here. Just open a crypted .jpg with
the wizard, enter ANY password and message is then
successfully decrypted. Only works when using the
wizard.

Credits Go To JeiAr of GulfTech Computers And CASR

Next message: Immunix Security Team: "Immunix Secured OS 7+ cvs update"

Previous message: Marc Schoenefeld: "Java Agent freezes Lotus Notes and Domino 6.0.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]