|
Gator eWallet Insecure "Encryption"
|
|
Secunia Advisory:
|
SA9012
|
|
|
Release Date:
|
2003-06-12
|
|
Last Update:
|
2003-06-20
|
|
Popularity:
|
5,943 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
Local system
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Gator eWallet 4.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A weakness has been identified in Gator eWallet, which allows malicious, local users to see information stored in Gator eWallet.
The problem is that Gator promises the user that the data is encrypted, while it is infact merely scrambled using Base64 encoding.
Gator Corporation claims this to be untrue. They claim to be using a much stronger algorithm but have not informed which one.
Solution:
If you wish to save this kind of information on your system, you should use software that uses proper encryption techniques or stores the information on an removable media eg. a USB key.
Provided and/or discovered by:
Lorenzo Hernandez Garcia-Hierro
Changelog:
2003-06-20 Gator Corporation claims to be using a stronger algorithm.
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
