##############################################################################
##############################################################################
################# ADVISORY FOR IOPUS SECURE EMAIL ATTACHMENTS ################
##############################################################################
##############################################################################
### Affected : iOpus Secure Email Attachments                              ###
### Link     : http://www.iopus.com/freeware/secure%2Demail/               ###
### Type     : File Encryption Tool                                        ###
### Problem  : Passphrase guessing, Passphrase Issue                       ###
### Date     : 2006-04-22                                                  ###
### Author   : NtWaK0, Noph0bia @ www.SafeHack.com                         ###
##############################################################################
### From iopus web site "iOpus SEA protects your data not only on its way  ###
### across the internet, but also on the recipient's PC." THIS IS ONLY     ###
### TRUE IF YOU DID NOT PICK SOME TYPE OF PASSWORDS.                       ###
###                                                                        ###
### I have found a problem with the way iOpus handles the user password.   ###
### The problem can EXPOSE your Protected encrypted file if you did not    ###
### pay attention when you pick your password.                             ###
###                                                                        ###
### Here are some examples                                                 ###
### /////////////////////                                                  ###
### 1- Create a text file with one word inside "hello"                     ###
### 2- Encrypt your text.txt file using iOpus. The output is text.exe      ###
### 3- Pick AAAAAAAAAAAAAAAAAAA as password                                ###
### 4- Encrypt the file                                                    ###
### 5- Double click text.exe to open it, you should see Enter Password     ###
### 6- Now you think you need to enter AAAAAAAAAAAAAAAAAAA right? WRONG    ###
###    Just enter A or AA and you will have access to your so called       ###
###    protected file(s).                                                  ###
### 7- You can try with ABCABCABCABCABC as password. To access the file    ###
###    you guessed it you DO NOT NEED To enter ALL your password :-) you   ###
###    can just enter ABC and you will have access to your protected data  ###
### 8- Let us see if you can find what you need to enter if you have a     ###
###    password like this "ABCDEFGABCDEFGABCDEFG". I hope you got it       ###
###    You need to enter ABCDEFG.                                          ###
##############################################################################
### To read why we have so many problems in information security check     ###
### http://www.safehack.com/Textware/badsecurity.txt                       ###
##############################################################################
##############################################################################
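
Added example (not part of the original advisory and not iOpus code): a Python check that collapses a repeated passphrase to the shortest entry that would reproduce it, so a password policy can judge the effective length instead of the typed length. It assumes the behaviour reported in steps 6-8 generalizes to any entry whose cyclic repetition rebuilds the passphrase; the function names and the 12-character threshold are hypothetical.

```python
# Added example: audit a passphrase for the repetition weakness described above.
# Assumption (not stated by the advisory): an entry is treated as equivalent
# when repeating it cyclically reproduces the full passphrase.

def shortest_equivalent(passphrase: str) -> str:
    """Return the shortest prefix whose cyclic repetition rebuilds passphrase."""
    n = len(passphrase)
    if n == 0:
        return ""
    # KMP failure table: fail[i] is the length of the longest proper prefix
    # of passphrase[:i+1] that is also a suffix of it.
    fail = [0] * n
    k = 0
    for i in range(1, n):
        while k and passphrase[i] != passphrase[k]:
            k = fail[k - 1]
        if passphrase[i] == passphrase[k]:
            k += 1
        fail[i] = k
    period = n - fail[-1]  # smallest cyclic period of the whole string
    return passphrase[:period]


def is_equivalent(entry: str, passphrase: str) -> bool:
    """True if repeating entry cyclically reproduces passphrase exactly."""
    if not entry or len(entry) > len(passphrase):
        return False
    return all(c == entry[i % len(entry)] for i, c in enumerate(passphrase))


def audit(passphrase: str, min_effective: int = 12) -> dict:
    """Report the effective length once repetition is collapsed.

    min_effective is a hypothetical policy threshold, not a vendor value.
    """
    unit = shortest_equivalent(passphrase)
    return {
        "typed_length": len(passphrase),
        "effective_length": len(unit),
        "acceptable": len(unit) >= min_effective,
    }


if __name__ == "__main__":
    # The three passphrases are the ones used in the advisory's steps.
    for pw in ("AAAAAAAAAAAAAAAAAAA", "ABCABCABCABCABC", "ABCDEFGABCDEFGABCDEFG"):
        print(audit(pw))
```

Running the audit at passphrase-selection time flags the three passphrases from the steps above as having effective lengths of 1, 3 and 7 characters.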