Bugtraq mailing list archives
Vulnerabilities in BO2k encryption plugins
From: beng () SECURITYFOCUS COM (Ben Greenbaum)
Date: Wed, 4 Aug 1999 14:59:55 -0700
Discovered by Irwan Amir Widjaja <irwanw () netscape net> and Daniel Roethlisberger <admin () roe ch>. Two popular encryption plugins for Back Orifice 2000 have been found to have serious security flaws: BO_CAST and BO2K IDEA. Both have been fixed. The flaw is that due to a small error in one line of the MD5 hash algorithm code, any password generated the same hash. The fixed versions are available at: IDEA: http://www.wynne.demon.co.uk/maw/IDEAEncrypt.zip BO_CAST: http://www.roe.ch/cgi-bin/bo_cast.pl More information is available at: http://www.securityfocus.com/level2/?go=vulnerabilities&id=561 http://www.securityfocus.com/level2/?go=vulnerabilities&id=562 Ben Greenbaum SecurityFocus www.securityfocus.com
Current thread:
- Vulnerabilities in BO2k encryption plugins Ben Greenbaum (Aug 04)