Vulnerabilities in BO2k encryption plugins

From: Ben Greenbaum (bengat_private)
Date: Wed Aug 04 1999 - 14:59:55 PDT

    Discovered by Irwan Amir Widjaja <irwanwat_private> and Daniel
    Roethlisberger <adminat_private>.
    
    Two popular encryption plugins for Back Orifice 2000 have been found to
    have serious security flaws: BO_CAST and BO2K IDEA. Both have been fixed.
    The flaw is that due to a small error in one line of the MD5 hash
    algorithm code, any password generated the same hash.
    
    The fixed versions are available at:
    IDEA:      http://www.wynne.demon.co.uk/maw/IDEAEncrypt.zip
    BO_CAST:   http://www.roe.ch/cgi-bin/bo_cast.pl
    
    More information is available at:
    http://www.securityfocus.com/level2/?go=vulnerabilities&id=561
    http://www.securityfocus.com/level2/?go=vulnerabilities&id=562
    
    
    Ben Greenbaum
    SecurityFocus
    www.securityfocus.com
    