Adobe eBook Reader File Transfer Authorization Voucher Weak Algorithm Vulnerability

Adobe eBook Reader File Transfer Authorization Voucher Weak Algorithm Vulnerability

Adobe eBook Reader is a client side application which is able to view Adobe eBooks, available for Microsoft Windows and Macintosh OS 9.

Reportedly, an eBook may be transferred to a different computer by backing up the book content and a number of datafiles. When the eBook is opened, however, the user will be prompted for a new authorization voucher, and given a challenge string.

It has been reported that the encryption scheme used for this challenge / response cycle is fundamentally flawed. Allegedly, both the challenge and response can be computed using commonly available cryptographic algorithms, based on secret information stored within the eBook Reader executable file.

A malicious user with details on the algorith may computer the correct response without vendor interaction.