Title: Anubis Plugin for encrypt Original File Size Information Disclosure Weakness
Severity: MODERATE
Description:
The 'encrypt' application is a freely available utility designed to encrypt and decrypt sensitive information. The Anubis plugin for 'encrypt' provides additional encryption algorithms.
The Anubis plugin for 'encrypt' is prone to an information-disclosure weakness because the software fails to properly safeguard potentially sensitive information.
Specifically, the software includes the original file size of the encrypted contents in the header of the resulting output. The original file size is available as plain text, allowing attackers to discern the amount of random padding added to the original file during the encryption process.
Successfully gaining access to the exposed information may aid attackers in performing cryptanalysis on encrypted file contents. This may aid in further attacks.
Versions prior to Anubis 1.3 are affected.
Affected Products:
- albinoloverats Anubis Plugin for encrypt
References:
- albinoloverats: Anubis Plugin Product Page
- albinoloverats: Anubis+Ripe160 1.3
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
