PT-2007-4787 · Dar · Dar

Dwayne C. Litzenberger

Published

2007-07-03

Updated

2008-11-15

CVE-2007-3528

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions DAR versions prior to 2.3.4

Description The issue concerns the use of weak Blowfish-CBC cryptography in the blowfish mode. This is due to two main factors: (1) the blowfish::make ivec function in libdar/crypto.cpp discards random bits, resulting in predictable and repeating IV values, and (2) the direct use of a password for keying, which simplifies the decryption process for context-dependent attackers.

Recommendations For versions prior to 2.3.4, update to version 2.3.4 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3528

Affected Products

Dar

PT-2007-4787 · Dar · Dar

CVE-2007-3528

Related Identifiers

Affected Products

References · 12