AOH :: HP Unsorted I :: B06-1837.HTM

Iopus secure email attachments



ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS
ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS



##############################################################################
##############################################################################
################# ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ################
##############################################################################
##############################################################################
### Affected    : iOpus Secure Email Attachments                           ###
### Link : http://www.iopus.com/freeware/secure%2Demail/ ### 
### Type        : File Encryption Tool                                     ###
### Problem     : Passphrase guessing, Passphrase Issue                    ###
### Date        : 2006-04-22                                               ###
### Author : NtWaK0, Noph0bia @ www.SafeHack.com ### 
##############################################################################
### From iopus web site "iOpus SEA protects your data not only on its way  ###
### across the internet, but also on the recipient's PC." THIS IS ONLY     ###
### TRUE IF YOU DID NOT PICK SOME TYPE OF PASSWORDS.                       ###
###                                                                        ###
### I have found a problem with the way iOpus handle the user password.    ###
### The problem can EXPOSE your Protected encrypted file if you did not    ###
### pay attention when you pick your password.                             ###
###                                                                        ###
### Here is some examples                                                  ###
### /////////////////////                                                  ###
### 1- Create a text file with one word inside "hello"                     ###
### 2- Encrypt your text.txt file using iOpus. The out put is text.exe     ###
### 3- Pick AAAAAAAAAAAAAAAAAAA as password                                ###
### 4- Encrypt the file                                                    ###
### 5- Double click text.exe to open it, you should see Enter Password     ###
### 6- Now you think you need to enter AAAAAAAAAAAAAAAAAAA right ? WRONG   ###
###    Just enter A or AA and you will have access to your so called       ###
###    protected file(s).                                                  ###
### 7- You can try with ABCABCABCABCABC as password. To access the file    ###
###    you guessed it you DO NOT NEED To enter ALL your password :-) you   ###
###    can just enter ABC and you will have access to your protected data  ###
### 8- Let us see if you can find what you need to enter if you have a     ###
###    password like this "ABCDEFGABCDEFGABCDEFG". I hope you got it       ###
###    You need to enter ABCDEFG.                                          ###
##############################################################################
### To read why we have so many problem in information security check      ###
### http://www.safehack.com/Textware/badsecurity.txt ### 
##############################################################################
##############################################################################

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.