CVE-2007-0163

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://homepage.mac.com/adonismac/Advisory/steg/steganography.html	Exploit Vendor Advisory
http://osvdb.org/31244
http://secunia.com/advisories/23639	Vendor Advisory
http://www.securityfocus.com/archive/1/456283/100/0/threaded
http://www.securityfocus.com/archive/1/456519/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/31378

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:securekit:securekit_steganography:1.7.1:::::::*
	cpe:2.3:a:securekit:securekit_steganography:1.8:::::::*

History

No history.

Information

Published : 2007-01-10 00:28

Updated : 2018-10-16 16:31

NVD link : CVE-2007-0163

Mitre link : CVE-2007-0163

CVE.ORG link : CVE-2007-0163

JSON object : View

Products Affected

securekit

securekit_steganography

CWE

NVD-CWE-Other

{"id": "CVE-2007-0163", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-01-10T00:28:00.000", "references": [{"url": "http://homepage.mac.com/adonismac/Advisory/steg/steganography.html", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/31244", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23639", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/456283/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/456519/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31378", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information."}, {"lang": "es", "value": "SecureKit Steganography 1.7.1 y 1.8 incluye informaci\u00f3n de contrase\u00f1a en el archivo transportador, lo cual permite a atacantes remotos evitar los requisitos de autenticaci\u00f3n y descifrar la esteganograf\u00eda incluida reemplazando los \u00faltimos 20 bytes de la imagen JPEG con informaci\u00f3n de contrase\u00f1a alternativa."}], "lastModified": "2018-10-16T16:31:29.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:securekit:securekit_steganography:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAFE088F-1AF2-42CB-B487-F213FD6E5DD1"}, {"criteria": "cpe:2.3:a:securekit:securekit_steganography:1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1A8A727-600C-4B45-8C53-88D560E7E345"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}