Home page logo
/

bugtraq logo Bugtraq mailing list archives

ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
From: ntwak0 () safehack com
Date: 22 Apr 2006 16:25:16 -0000

##############################################################################
##############################################################################
################# ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ################
##############################################################################
##############################################################################
### Affected    : iOpus Secure Email Attachments                           ###
### Link        : http://www.iopus.com/freeware/secure%2Demail/            ###
### Type        : File Encryption Tool                                     ###
### Problem     : Passphrase guessing, Passphrase Issue                    ###
### Date        : 2006-04-22                                               ###
### Author      : NtWaK0, Noph0bia @ www.SafeHack.com                      ###
##############################################################################
### From iopus web site "iOpus SEA protects your data not only on its way  ###
### across the internet, but also on the recipient's PC." THIS IS ONLY     ###
### TRUE IF YOU DID NOT PICK SOME TYPE OF PASSWORDS.                       ###
###                                                                        ###
### I have found a problem with the way iOpus handle the user password.    ###
### The problem can EXPOSE your Protected encrypted file if you did not    ###
### pay attention when you pick your password.                             ###
###                                                                        ###
### Here is some examples                                                  ###
### /////////////////////                                                  ###
### 1- Create a text file with one word inside "hello"                     ###
### 2- Encrypt your text.txt file using iOpus. The out put is text.exe     ###
### 3- Pick AAAAAAAAAAAAAAAAAAA as password                                ###
### 4- Encrypt the file                                                    ###
### 5- Double click text.exe to open it, you should see Enter Password     ###
### 6- Now you think you need to enter AAAAAAAAAAAAAAAAAAA right ? WRONG   ###
###    Just enter A or AA and you will have access to your so called       ###
###    protected file(s).                                                  ###
### 7- You can try with ABCABCABCABCABC as password. To access the file    ###
###    you guessed it you DO NOT NEED To enter ALL your password :-) you   ###
###    can just enter ABC and you will have access to your protected data  ###
### 8- Let us see if you can find what you need to enter if you have a     ###
###    password like this "ABCDEFGABCDEFGABCDEFG". I hope you got it       ###
###    You need to enter ABCDEFG.                                          ###
##############################################################################
### To read why we have so many problem in information security check      ###
### http://www.safehack.com/Textware/badsecurity.txt                       ###
##############################################################################
##############################################################################


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault