Forum Thread: Truecrypt vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
TrueCrypt Foundation
And, this specific program:
TrueCrypt 7.x

This thread has been marked as locked.
tom_1st Truecrypt vulnerability
Member 22nd Jul, 2010 15:28
Ranking: 12
Posts: 24
User Since: 23rd Jun, 2010
System Score: N/A
Location: DE
1.)
There is a vulnerability in Truecrypt 6.2.1.0. (the authors submitted it to truecrypt "the security hole has been submitted to the maker via the official form on their webpage and a fix will soon be available")

http://www.global-evolution.info/news/?p=550 (unfortunatly only in german)
http://www.global-evolution.info/news/files/truecr...

=> This version should be tagged as 'insecure'

2.)
There is a new Truecrypt Version 7.0
and the truecrypt folks explicitly state that version prior to 7.0 should not be used:
http://www.truecrypt.org/pastversions

=> Versions < 7.0 should be tagged as eol'd

Regards,
ToM

ddmarshall RE: Truecrypt vulnerability
Dedicated Contributor 22nd Jul, 2010 19:52
Score: 1232
Posts: 979
User Since: 8th Nov 2008
System Score: 98%
Location: UK
Thanks for the warning.
I was using 6.3, but I don't usually rush to update TrueCrypt. Some nice enhancements as well.

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
tom_1st RE: Truecrypt vulnerability
Member 23rd Jul, 2010 09:58
Score: 12
Posts: 24
User Since: 23rd Jun 2010
System Score: N/A
Location: DE
Yeah i think so too, especially the hardware-accelerated AES encryption seems nice!

ToM

Was this reply relevant?
+0
-0
tom_1st RE: Truecrypt vulnerability
Member 23rd Jul, 2010 17:37
Score: 12
Posts: 24
User Since: 23rd Jun 2010
System Score: N/A
Location: DE
@Secunia
Will you update PSI & Co accordingly?

Thanks
ToM
Was this reply relevant?
+0
-0

This thread has been marked as locked.