PT-2006-4866 · Scatterchat · Scatterchat
Steven Murdoch · Published 2006-08-17 · Updated 2024-02-14 · CVE-2006-4021
CVSS v2.0: 2.6 (Low)
| Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ScatterChat versions 1.0.x
Description
The issue allows attackers to identify patterns in large numbers of messages by exploiting collisions using a birthday attack on the custom padding mechanism for ECB mode encryption.
Recommendations
For ScatterChat versions 1.0.x, consider disabling the custom padding mechanism for ECB mode encryption as a temporary workaround until a patch is available. Restrict access to sensitive messages to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Scatterchat