RSS   Vulnerabilities for 'Cryptobuddy'   RSS

2003-12-31
 
CVE-2003-1392

 

 
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.

 
 
CVE-2003-1391

 

 
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.

 
 
CVE-2003-1390

 

 
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.

 
 
CVE-2003-1389

 

 
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.

 


Copyright 2024, cxsecurity.com

 

Back to Top