Описание
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
Ссылки
- ExploitVendor Advisory
- Vendor Advisory
- ExploitVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:securekit:securekit_steganography:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:securekit:securekit_steganography:1.8:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.0231
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.
EPSS
Процентиль: 84%
0.0231
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other