Vulnerability Description
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Securekit | Securekit Steganography | 1.7.1 |
References
- http://homepage.mac.com/adonismac/Advisory/steg/steganography.htmlExploitVendor Advisory
- http://osvdb.org/31244
- http://secunia.com/advisories/23639Vendor Advisory
- http://www.securityfocus.com/archive/1/456283/100/0/threaded
- http://www.securityfocus.com/archive/1/456519/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31378
- http://homepage.mac.com/adonismac/Advisory/steg/steganography.htmlExploitVendor Advisory
- http://osvdb.org/31244
- http://secunia.com/advisories/23639Vendor Advisory
- http://www.securityfocus.com/archive/1/456283/100/0/threaded
- http://www.securityfocus.com/archive/1/456519/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31378
FAQ
What is CVE-2007-0163?
CVE-2007-0163 is a vulnerability with a CVSS score of 7.8 (HIGH). SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replaci...
How severe is CVE-2007-0163?
CVE-2007-0163 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0163?
Check the references section above for vendor advisories and patch information. Affected products include: Securekit Securekit Steganography.