CVE Vulnerability

CVE-2007-0163

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

7.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://homepage.mac.com/adonismac/Advisory/steg/steganography.html Exploit Vendor Advisory
http://secunia.com/advisories/23639 Vendor Advisory
http://osvdb.org/31244
https://exchange.xforce.ibmcloud.com/vulnerabilities/31378
http://www.securityfocus.com/archive/1/456519/100/0/threaded
http://www.securityfocus.com/archive/1/456283/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:securekit:securekit_steganography:1.8:*:*:*:*:*:*:*
cpe:2.3:a:securekit:securekit_steganography:1.7.1:*:*:*:*:*:*:*
Information

Published : 2007-01-10 12:28

Updated : 2018-10-16 04:31

NVD link : CVE-2007-0163

Mitre link : CVE-2007-0163

Products Affected
No products.
CWE
CWE-602