Weak Random Number Generation in WinZip 8.0 Allows Brute Force Attack on Password-Protected ZIP Files

Weak Random Number Generation in WinZip 8.0 Allows Brute Force Attack on Password-Protected ZIP Files

CVE-2003-1376 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.

Learn more about our User Device Pen Test.