Vigil@nce - PowerArchiver: decrypting encrypted archives
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can decrypt archives created by PowerArchiver, even if
the victim chose the AES algorithm.
Impacted products: PowerArchiver
Severity: 2/4
Creation date: 13/03/2014
DESCRIPTION OF THE VULNERABILITY
The PowerArchiver product can create encrypted archives.
However, when the user presses the "Encrypt Files" button and
wants to use the AES algorithm, PowerArchiver uses the PKZIP
encryption instead (which is known to be breakable).
An attacker can therefore decrypt archives created by
PowerArchiver, even if the victim chose the AES algorithm.
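
To check which scheme an archive actually declares, the sketch below reads each ZIP entry's header and reports it. This is an added example, not code from the Vigil@nce bulletin or from PowerArchiver. It assumes the archive is a ZIP file in which genuine AES is marked either WinZip-style (compression method 99) or as PKWARE strong encryption (flag bit 6); the function names and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

FLAG_ENCRYPTED = 0x0001   # general purpose bit 0: entry is encrypted
FLAG_STRONG = 0x0040      # general purpose bit 6: PKWARE strong encryption
METHOD_WINZIP_AES = 99    # WinZip AE-x marker in the compression method field


def classify(info):
    """Return the encryption scheme a ZIP entry's header declares."""
    if not info.flag_bits & FLAG_ENCRYPTED:
        return "none"
    if info.compress_type == METHOD_WINZIP_AES:
        return "winzip-aes"
    if info.flag_bits & FLAG_STRONG:
        return "pkware-strong"
    return "pkzip-traditional"   # legacy PKZIP stream cipher (ZipCrypto)


def audit(data):
    """Map each entry name in a ZIP (given as bytes) to its declared scheme."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {i.filename: classify(i) for i in zf.infolist()}


def constructed_sample(flags, method):
    """Build a one-entry ZIP, then patch the central-directory flag and
    method fields. Constructed test input: only the headers are realistic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("report.txt", b"constructed sample")
    raw = bytearray(buf.getvalue())
    cd = raw.rfind(b"PK\x01\x02")            # central directory file header
    struct.pack_into("<HH", raw, cd + 8, flags, method)
    return bytes(raw)


if __name__ == "__main__":
    samples = {
        "AES requested, PKZIP written": constructed_sample(0x0001, 0),
        "WinZip AES entry": constructed_sample(0x0001, 99),
    }
    for label, data in samples.items():
        print(label, audit(data))
```

Any entry reported as `pkzip-traditional` in an archive that was meant to be AES-protected should be treated as weakly protected and re-encrypted with a tool whose output passes this check.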
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/PowerArchiver-decrypting-encrypted-archives-14418