CVE-2014-3950: A Document Encryption Vulnerability Disclosure
Congratulations on CVE-2014-3950!
This is my first relatively major vulnerability discovery that I’ve been sitting on for two months, and almost forgot about until now. It was purely by chance, when I decided to look at an ‘encrypted’ document in a hex editor (for no good reason). I had set the encryption and a password was required to open the file in Kingsoft Writer, but I found a line of the plaintext was still readable. Here’s a screenshot of the hex dump:
Unsure of whether the encryption failed to work completely, I ran the same test again, this time with a larger file and using ‘Microsoft Enhanced RSA and AES Cryptographic Provider’:
In the hex dump for this, portions of the plaintext were visible again, and most of it was encrypted.
After further experimentation and mapping out the document’s file structure, I discovered that Kingsoft Writer doesn’t encrypt the file, but instead a…
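An added example, not part of the original post: one way to automate the check the author did by eye in a hex editor is to type a known canary string into a document, save it with encryption enabled, and scan the saved bytes for it. The canary value, the two encodings searched, the block size and the entropy threshold are assumptions, and the sample bytes are constructed rather than taken from a real Kingsoft Writer file.

```python
import hashlib
import math

# Assumption: the document stores text as 8-bit or UTF-16LE, so search both.
ENCODINGS = ("utf-8", "utf-16-le")

def find_canary(blob, canary):
    """Return (encoding, offset) for each occurrence of the canary string."""
    hits = []
    for enc in ENCODINGS:
        needle = canary.encode(enc)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((enc, pos))
            pos = blob.find(needle, pos + 1)
    return hits

def entropy(block):
    """Shannon entropy in bits per byte; good ciphertext approaches 8."""
    n = len(block)
    counts = [block.count(b) for b in set(block)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

def low_entropy_blocks(blob, size=256, threshold=6.0):
    """Offsets of blocks that look too structured to be ciphertext."""
    return [off for off in range(0, len(blob), size)
            if entropy(blob[off:off + size]) < threshold]

def constructed_sample():
    """Constructed stand-in for a saved file: 512 pseudo-random bytes,
    one 256-byte UTF-16LE plaintext run, then 512 more pseudo-random bytes."""
    def filler(seed):
        return b"".join(hashlib.sha256(seed + bytes([i])).digest()
                        for i in range(16))
    leak = ("CANARY-7f3a " * 11).encode("utf-16-le")[:256]
    return filler(b"a") + leak + filler(b"b")

if __name__ == "__main__":
    data = constructed_sample()
    for enc, off in find_canary(data, "CANARY-7f3a"):
        print(f"canary readable as {enc} at offset {off:#x}")
    print("low-entropy blocks at:", [hex(o) for o in low_entropy_blocks(data)])
```

To test a real file, replace `constructed_sample()` with the bytes of the saved document; any canary hit means plaintext survived the save.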