Posted by Scott Arciszewski on Jan 15
Hi Full Disclosure Readers,
Let’s jump right into the vulnerability:
In May of last year, I reported to CryptoGuard that their cryptography
wasn’t guarding against chosen-ciphertext attacks, which is the sort of
oversight that would allow me to intercept a ciphertext message then keep
feeding it back into the decryption process with slight alterations until I
recovered the plaintext.