[11248] in bugtraq
Vulnerabilities in BO2k encryption plugins
daemon@ATHENA.MIT.EDU (Ben Greenbaum)
Wed Aug 4 21:49:42 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.05.9908041443490.26239-100000@www.securityfocus.com>
Date: Wed, 4 Aug 1999 14:59:55 -0700
Reply-To: Ben Greenbaum <beng@SECURITYFOCUS.COM>
From: Ben Greenbaum <beng@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Discovered by Irwan Amir Widjaja <irwanw@netscape.net> and Daniel
Roethlisberger <admin@roe.ch>.

Two popular encryption plugins for Back Orifice 2000 have been found to
have serious security flaws: BO_CAST and BO2K IDEA. Both have been fixed.

The flaw is that, due to a small error in one line of the MD5 hash
algorithm code, any password generated the same hash.

The fixed versions are available at:
IDEA: http://www.wynne.demon.co.uk/maw/IDEAEncrypt.zip
BO_CAST: http://www.roe.ch/cgi-bin/bo_cast.pl

More information is available at:
http://www.securityfocus.com/level2/?go=vulnerabilities&id=561
http://www.securityfocus.com/level2/?go=vulnerabilities&id=562

Ben Greenbaum
SecurityFocus
www.securityfocus.com