|
|
CVE Reference: CVE-2007-3528 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-3528 |
|
|
Description: The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files. |
|
|
CVE Status: Candidate |
|
|
References: SAID Secunia Advisory: SA25953 OSVDB 38189 38190 CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=425335 BID 24930 |
|
| Return to the previous page. |
