JpegX Authentication Bypass
Vendor: NerdLogic
Product: JpegX
Version: <= 2.0.3
Website: http://nerdlogic.org/jpegx/index.html
BID: 7298
Description:
JpegX is a modern-day application of steganography. It encrypts and hides messages in JPEG files to provide an ample medium for sending secure information. The images remain visually unchanged, but the code inside is altered to hide your message. Anyone with the JpegX program can read your message as long as they know the password that you encrypted it with.

Password Bypass Vulnerability:
JpegX is prone to a password bypass vulnerability. When the JpegX wizard is used to decrypt encrypted data contained in a JPEG file and no password is supplied, JpegX deciphers the file regardless. This vulnerability may lead to disclosure of sensitive information. Users should upgrade immediately.

Credits:
James Bercegay of the GulfTech Security Research Team.