CVE-2007-0164 - Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to b

CVE-2007-0164

Summary

Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.

References

http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html
http://osvdb.org/32651
http://secunia.com/advisories/23578
http://www.securityfocus.com/archive/1/456541/100/0/threaded
http://www.securityfocus.com/bid/21939
https://exchange.xforce.ibmcloud.com/vulnerabilities/31375

Vulnerable Configurations

cpe:2.3:a:camouflage:camouflage:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:camouflage:camouflage:1.2.1:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 16-10-2018 - 16:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:N/A:N

refmap via4

bid	21939
bugtraq	20070107 A Major design Bug in Camouflage 1.2.1 (latest)
misc	http://homepage.mac.com/adonismac/Advisory/steg/camouflage.html
osvdb	32651
secunia	23578
xf	camouflage-password-security-bypass(31375)

Last major update

16-10-2018 - 16:31

Published

10-01-2007 - 00:28

Last modified

16-10-2018 - 16:31