Vulnerability Note VU#165099
cryptcat does not encrypt data communications when -e command argument is used
Overview
When started with certain options, cryptcat does not encrypt network connections as expected.
Description
Cryptcat is an enhanced version of netcat that adds Twofish encryption. If cryptcat is started in listen (server) mode with the -e argument, binding a shell to a network port, it fails to enable encryption. Because encryption is not enabled on the server, cryptcat clients will not be able to connect. Furthermore, netcat clients can connect to the server port and communicate without encryption.
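One way to audit a host for the condition described above, added here as an example (it is not CERT/CC or cryptcat code): it scans process listings for cryptcat running in listen mode with -e. The `ps -eo pid=,args=` input format, the constructed sample lines, and the assumption that cryptcat uses netcat's option letters plus -k are assumptions of this example.

```python
import os
import shlex

# Assumption: cryptcat accepts netcat 1.10's option letters plus -k <secret>.
# These are the letters that consume an argument.
OPTS_WITH_ARG = set("egGiopswk")

def parse_flags(argv):
    """Parse getopt-style options, including clusters such as -lvp6000."""
    flags, i = {}, 1
    while i < len(argv):
        tok = argv[i]
        i += 1
        if not tok.startswith("-") or tok == "-":
            continue  # positional (host, port); keep scanning to be conservative
        for j, c in enumerate(tok[1:], start=2):
            if c in OPTS_WITH_ARG:
                if tok[j:]:              # value attached: -p6000
                    flags[c] = tok[j:]
                elif i < len(argv):      # value is the next token: -p 6000
                    flags[c] = argv[i]
                    i += 1
                else:
                    flags[c] = ""        # option given without its value
                break
            flags[c] = True
    return flags

def audit(ps_lines):
    """Return (pid, port, program) for each cryptcat listener started with -e."""
    findings = []
    for line in ps_lines:
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        argv = shlex.split(parts[1])
        if not argv or os.path.basename(argv[0]) != "cryptcat":
            continue
        f = parse_flags(argv)
        if f.get("l") and "e" in f:
            findings.append((int(parts[0]), f.get("p"), f["e"]))
    return findings

# Constructed sample in the shape of `ps -eo pid=,args=` output.
SAMPLE = [
    "  812 /usr/local/bin/cryptcat -l -p 4444 -e /bin/sh",
    "  977 cryptcat -k s3cret -lvp 5555",
    " 1033 cryptcat -lvp6000 -e/bin/bash",
    " 1210 cryptcat 10.0.0.5 4444",
    " 1300 cryptcat -l -p 8000 -k e",
]
```

Any process this reports should be treated as an unencrypted listener, whatever key was configured.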
Impact
Users may open unencrypted ports on the server with the assumption that any connections to that port will be encrypted by cryptcat.
Solution
The CERT/CC is currently unaware of a practical solution to this problem.
None.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Farm9 | Unknown | - | 11 Dec 2001 |
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
Credit
Thanks to Eric Sheesley for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
Other Information
- CVE IDs: Unknown
- Date Public: 02 Mar 2002
- Date First Published: 02 Mar 2002
- Date Last Updated: 23 Feb 2004
- Severity Metric: 0.09
- Document Revision: 13
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.