Avian Waves
®
\
Forums
\
RD Tabs
\
RD Tabs General Discussion
\
RD TABS VERSION 2.0 AND 2.1 SECURITY ADVISORY - RDTSF FILE FORMAT VULNERABILITY
Register
Login
Search
Blog
About
Software
Tools
RD Tabs
Legacy
XS BAP
VSCMap
SCHANNEL ADM Template
XS EDB Limit Changer
RemovableStorageDevice ADM Template
Windows Mobile Classic
Music
Discography
Avian Waves
TCX - All We Can Do
Studio
The Black Room
Keyboards
Rack Synths
Effects Processors
Mixing
Monitoring
Interfaces
Sequencing & Editing
Instruments Plugins
Effects Plugins
Contact
Forums
Blog
About
Software
Tools
RD Tabs
Legacy
XS BAP
VSCMap
SCHANNEL ADM Template
XS EDB Limit Changer
RemovableStorageDevice ADM Template
Windows Mobile Classic
Music
Discography
Avian Waves
TCX - All We Can Do
Studio
The Black Room
Keyboards
Rack Synths
Effects Processors
Mixing
Monitoring
Interfaces
Sequencing & Editing
Instruments Plugins
Effects Plugins
Contact
Forums
Welcome Guest! To enable all features please try to register or login.
×
Avian Waves Forums
Search
Help
×
Avian Waves Forums
RD Tabs
RD Tabs General Discussion
RD TABS VERSION 2.0 AND 2.1 SECURITY ADVISORY - RDTSF FILE FORMAT VULNERABILITY
RD TABS VERSION 2.0 AND 2.1 SECURITY ADVISORY - RDTSF FILE FORMAT VULNERABILITY
Previous Topic
Next Topic
Tools
Watch this topic
Print this topic
Atom Feed
RSS Feed
Timothy
100% (Exalted)
Flock Leader
Topic Starter
2008-05-20T14:56:53Z
#1
I discovered a cryptographic flaw in the way RD Tabs encrypts and decrypts RDTSF (RD Tabs Secure Favorites) files. This flaw may allow an attacker to decrypt your RDTSF file without knowing your password. Additionally, files you have encrypted may not always decrypt, even if you use the correct password. A new version of
RD Tabs 2.0
and
RD Tabs 2.1
(currently in Beta) will be released later today. The RDTSF files created with this new version will not be backward compatible with older version of RD Tabs, nor will older RDTSF files be forward compatible in newer version of RD Tabs.
Although the attack has been proven in a test lab, no known cases of exploit have been reported. Details of how to attack the file format are being withheld.
RD Tabs 2.0.14 and newer 2.0.x versions and RD Tabs 2.1.8 and newer 2.1.x are not vulnerable to this attack because the cryptographic algorithm has been fixed. RD Tabs 1.x and older versions are not vulnerable to this attack because they do not support the RDTSF file format.
If you store passwords in the older RDTSF file format, delete those files and generate new ones with the patched RD Tabs being released later today. If you do not store passwords, information disclosure is still possible, but it is not severe. If you do not use the RDTSF format to import and export favorites, you have nothing to worry about.
Edited by user
2018-03-25T04:10:48Z
|
Reason: Not specified
View All Posts by User
Timothy
100% (Exalted)
Flock Leader
Topic Starter
2008-07-07T10:46:28Z
#2
Just wanted to point out that the versions with the offending code are no longer available for download.
View All Posts by User
Atom Feed
Rss Feed
Users browsing this topic
Guest (2)
Avian Waves Forums
RD Tabs
RD Tabs General Discussion
RD TABS VERSION 2.0 AND 2.1 SECURITY ADVISORY - RDTSF FILE FORMAT VULNERABILITY
full film