Name of the Vulnerable Software and Affected Versions MagicCrypt64, MagicCrypt128, MagicCrypt192, and MagicCrypt256 (affected versions not specified)

Description The issue concerns the use of insecure cryptographic algorithms and practices that compromise the integrity of encrypted data. Specifically, MagicCrypt64 uses the insecure DES block cipher in CBC mode without authentication, allowing for brute force and padding oracle attacks. The key and IV are generated from user input using CRC64, which is not a suitable key derivation function. All implementations, including MagicCrypt64, MagicCrypt128, MagicCrypt192, and MagicCrypt256, are vulnerable to padding-oracle attacks and do not protect the integrity of the ciphertext. Furthermore, they do not use password-based key derivation functions, despite the key being intended to be generated from a password. The implementations also use uninitialized memory without proper structures.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.