Vulnerability Note VU#165099
cryptcat does not encrypt data communications when -e command argument is used
When certain options are used, cryptcat does not encrypt network connections as expected.
Cryptcat is an enhanced version of netcat that adds Twofish encryption.
If cryptcat is started in listen (server) mode binding a shell to a network port, cryptcat fails to enable encryption. Without encryption enabled on the server, cryptcat clients will not be able to connect. Furthermore, netcat clients can connect to the server port and communicate without encryption.
Users may open unencrypted ports on the server with the assumption that any connections to that port will be encrypted by cryptcat.
The CERT/CC is currently unaware of a practical solution to this problem.
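A check an operator can run on payload bytes captured from a listener port, as an added example that is not part of the original advisory: it classifies the bytes as cleartext or opaque from their printable-ASCII share and byte entropy. The function names, thresholds and both sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Thresholds are assumptions for this example, not values from the advisory.
MIN_BYTES = 64            # below this, the statistics are too noisy to judge
PRINTABLE_MIN = 0.95      # share of printable ASCII that indicates cleartext
CLEAR_ENTROPY_MAX = 6.0   # bits/byte; text and shell output sit well below this
OPAQUE_ENTROPY_MIN = 7.0  # bits/byte; cipher output approaches 8


def shannon_entropy(data: bytes) -> float:
    """Byte-level Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII, tab, LF or CR."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / len(data)


def classify(payload: bytes) -> str:
    """Return 'cleartext', 'opaque' or 'inconclusive' for captured payload bytes."""
    if len(payload) < MIN_BYTES:
        return "inconclusive"
    entropy = shannon_entropy(payload)
    if printable_ratio(payload) >= PRINTABLE_MIN and entropy <= CLEAR_ENTROPY_MAX:
        return "cleartext"
    if entropy >= OPAQUE_ENTROPY_MIN:
        return "opaque"
    return "inconclusive"


# Constructed samples: shell-style output as it would look unencrypted, and
# SHA-256 counter output standing in for cipher output (not real Twofish data).
CLEAR_SAMPLE = (
    b"$ id\nuid=1000(svc) gid=1000(svc) groups=1000(svc)\n"
    b"$ ls -l /tmp\ntotal 8\n"
    b"-rw-r--r-- 1 svc svc 120 Jan 01 00:00 notes.txt\n"
    b"-rw-r--r-- 1 svc svc 512 Jan 01 00:00 build.log\n"
)
OPAQUE_SAMPLE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(32))

if __name__ == "__main__":
    for name, sample in (("clear", CLEAR_SAMPLE), ("opaque", OPAQUE_SAMPLE)):
        print(name, classify(sample), round(shannon_entropy(sample), 2))
```

An "opaque" result is consistent with encryption but does not prove it, since compressed data scores the same way; a "cleartext" result on a port that is expected to carry cryptcat traffic is the finding to act on.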
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Farm9 | Unknown | - | 11 Dec 2001 |
Thanks to Eric Sheesley for reporting this vulnerability.
This document was written by Shawn Van Ittersum.
- CVE IDs: Unknown
- Date Public: 02 Mar 2002
- Date First Published: 02 Mar 2002
- Date Last Updated: 23 Feb 2004
- Severity Metric: 0.09
- Document Revision: 13