Info

Disclosure

Nov 10, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

OpenSkat contains a flaw that may allow a malicious user to crack the encryption built into the game. The issue is due to the fact that the CheckGroup() function does not properly ensure that the variable "p" contains a number which is prime, leading to a weak cryptographic key. It is possible that the flaw may allow decryption of game information, resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Cryptographic
Impact: Loss of Confidentiality
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Heiko Stamer	OpenSkat	2.0
		1.x

References

Security Tracker: 1012181
Bugtraq ID: 11667
ISS X-Force ID: 18049
CVE ID: 2004-2721 (see also: NVD)
Vendor Specific News/Changelog Entry: http://freshmeat.net/projects/openskat/?branch_id=36295&release_id=178549
http://www.gaos.org/~capone/cvsweb/openSkat/ChangeLog?rev=1.21&content-type=text/ ......
Vendor URL: http://gaos.org/~stamer

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Heiko Stamer

OpenSkat

References

Credit