Vulnerability Description
The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypted data and random padding at the end of the encrypted file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Albinoloverats | Anubis Plugin | <= 1.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30388Vendor Advisory
- http://www.vupen.com/english/advisories/2008/1663/references
- https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42652
- http://secunia.com/advisories/30388Vendor Advisory
- http://www.vupen.com/english/advisories/2008/1663/references
- https://albinoloverats.net/index.php?option=com_content&task=view&id=60&Itemid=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42652
FAQ
What is CVE-2008-2780?
CVE-2008-2780 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores the unencrypted file's size in cleartext in the header of the encrypted file, which allows attackers to distinguish between encrypt...
How severe is CVE-2008-2780?
CVE-2008-2780 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2780?
Check the references section above for vendor advisories and patch information. Affected products include: Albinoloverats Anubis Plugin.