JpegX 2.0.0.3 Password Bypass Vulnerability

From: JeiAr (jeiar@kmfms.com)
Date: 04/05/03

  • Next message: Immunix Security Team: "Immunix Secured OS 7+ cvs update"
    Date: 5 Apr 2003 21:16:30 -0000
    From: JeiAr <jeiar@kmfms.com>
    To: bugtraq@securityfocus.com
    
    
    ('binary' encoding is not supported, stored as-is)

    JpegX 2.0.0.3 Password Bypass Vulnerability
    --------------------------------------------------
    Written by Lawrence Kom
    09/30/01
    http://www.nerdlogic.org/jpegx
    larry@nerdlogic.org
    aim: kloned

    Modified the encryption format to avoid guillermito's program.
    http://www.pipo.com/guillermito/jpegx/index.html

    Still has all previous features
    Can read version 1 & version 2 files.
    Can clean files & overwrite jpegx messages in files.
    Will automaticly overwrite with the new encryption format.

    Now includes a wizard to make it easier to read/write jpeg files.
    Got input? check out the new homepage.

    http://nerdlogic.org/jpegx

    Problem
    --------------------------------------------------
    Nothin complex here. Just open a crypted .jpg with
    the wizard, enter ANY password and message is then
    successfully decrypted. Only works when using the
    wizard.

    Credits Go To JeiAr of GulfTech Computers And CASR


  • Next message: Immunix Security Team: "Immunix Secured OS 7+ cvs update"