CVE-2007-0163

Name of the Vulnerable Software and Affected Versions SecureKit Steganography versions 1.7.1 through 1.8

Description The issue allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information. This is due to the embedding of password information in the carrier file.

Recommendations For SecureKit Steganography versions 1.7.1 through 1.8, as a temporary workaround, consider restricting access to sensitive JPEG images until a patch is available. Avoid using the affected versions for encrypting sensitive information until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.