CVE-2007-3528

Name of the Vulnerable Software and Affected Versions DAR versions prior to 2.3.4

Description The issue concerns the use of weak Blowfish-CBC cryptography in the blowfish mode. This is due to two main factors: (1) the blowfish::make ivec function in libdar/crypto.cpp discards random bits, resulting in predictable and repeating IV values, and (2) the direct use of a password for keying, which simplifies the decryption process for context-dependent attackers.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue.