Research Triangle Software : Security Vulnerabilities, CVEs,
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
Max CVSS
6.6
EPSS Score
0.04%
Published
2003-12-31
Updated
2017-07-29
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.
Max CVSS
7.5
EPSS Score
0.16%
Published
2003-12-31
Updated
2017-07-29
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.
Max CVSS
7.5
EPSS Score
0.04%
Published
2003-12-31
Updated
2017-07-29
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
Max CVSS
7.5
EPSS Score
0.18%
Published
2003-12-31
Updated
2017-07-29
4 vulnerabilities found