[29682] in bugtraq
JpegX 2.0.0.3 Password Bypass Vulnerability
daemon@ATHENA.MIT.EDU (JeiAr)
Mon Apr 7 12:54:00 2003
Date: 5 Apr 2003 21:16:30 -0000
Message-ID: <20030405211630.7666.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: JeiAr <jeiar@kmfms.com>
To: bugtraq@securityfocus.com
JpegX 2.0.0.3 Password Bypass Vulnerability
--------------------------------------------------
Written by Lawrence Kom
09/30/01
http://www.nerdlogic.org/jpegx
larry@nerdlogic.org
aim: kloned
Modified the encryption format to avoid guillermito's program.
http://www.pipo.com/guillermito/jpegx/index.html
Still has all previous features
Can read version 1 & version 2 files.
Can clean files & overwrite jpegx messages in files.
Will automaticly overwrite with the new encryption format.
Now includes a wizard to make it easier to read/write jpeg files.
Got input? check out the new homepage.
http://nerdlogic.org/jpegx
Problem
--------------------------------------------------
Nothin complex here. Just open a crypted .jpg with
the wizard, enter ANY password and message is then
successfully decrypted. Only works when using the
wizard.
Credits Go To JeiAr of GulfTech Computers And CASR
