CVE-2007-0163

critical

Description

SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31378

http://www.securityfocus.com/archive/1/456519/100/0/threaded

http://www.securityfocus.com/archive/1/456283/100/0/threaded

http://secunia.com/advisories/23639

http://osvdb.org/31244

Details

Source: Mitre, NVD

Published: 2007-01-10

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.00636