CVE-2021-27211
HIGHsteghide 0.5.1 - Hidden Data Detection via Weak PRNG Seed
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-27211. PoCs published by b4shfire.
AI-analyzed exploit summary Stegcrack exploits CVE-2021-27211 in Steghide by brute-forcing the 32-bit seed derived from the password, allowing extraction of hidden data without knowing the password. It leverages the weak seed generation mechanism in Steghide to bypass encryption.
Description
steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.
Exploits (1)
Stegcrack exploits CVE-2021-27211 in Steghide by brute-forcing the 32-bit seed derived from the password, allowing extraction of hidden data without knowing the password. It leverages the weak seed generation mechanism in Steghide to bypass encryption.
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N