Vulnerabilities > CVE-2007-0163 - Security Bypass vulnerability in Securekit Steganography 1.7.1/1.8

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

securekit

NVD

Published: 2007-01-10

Updated: 2018-10-16

Summary

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

Vulnerable Configurations

Part	Description	Count
Application	Securekit Securekit Securekit Steganography 1.7.1 Securekit Securekit Steganography 1.8	2

References

http://homepage.mac.com/adonismac/Advisory/steg/steganography.html
http://osvdb.org/31244
http://secunia.com/advisories/23639
http://www.securityfocus.com/archive/1/456283/100/0/threaded
http://www.securityfocus.com/archive/1/456519/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/31378