Impact
AES Crypt for Linux built using the source on GitHub and having the version number 3.0.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. This does not affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the -p or -k command-line options.
Patches
The problem was fixed in 6876185.
Workarounds
Rather than enter passwords when prompted, use the -p or -k options to provide a password or key.
References
No other reference exists.
For more information
Questions or comments may be directed to the author at paulej@packetizer.com.