Security Bulletin 1

On 8 January 2016, Stefan Kanthak disclosed a vulnerability in the TrueCrypt installer (read here). The GostCrypt installer is based on the same source code, so we were also vulnerable to this exploit.

We have corrected the problem in the new version (1.3), but we would like to add some detail about it.

The previous installer looked for DLLs in the folder it was located in. If a DLL in that folder is malicious, it is loaded anyway and executed by the installer. According to this article, 80% of program installers are vulnerable.

With version 1.3 of GostCrypt, you don't have to worry about this vulnerability. We have changed the way the program looks for DLLs when installing, so it only looks for the DLLs it actually needs.
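The lookup behaviour described above can be modelled to show why the installer's own folder matters and how to audit it before running an installer. This is an added example, not GostCrypt code: the two-directory search order is a simplification, the "system directory only" policy is an assumed stand-in for the 1.3 fix, and all file and function names are constructed.

```python
import os
import tempfile

def resolve_dll(name, app_dir, system_dir, app_dir_first):
    """Return the file a loader would pick for `name` under a simplified
    two-directory search order, or None if it is not found."""
    search = [app_dir, system_dir] if app_dir_first else [system_dir]
    for directory in search:
        for entry in sorted(os.listdir(directory)):
            if entry.lower() == name.lower():  # Windows names are case-insensitive
                return os.path.join(directory, entry)
    return None

def shadowing_dlls(app_dir, system_dir):
    """List DLLs beside the installer whose names also exist in the system
    directory: these win the lookup when app_dir is searched first."""
    system = {e.lower() for e in os.listdir(system_dir) if e.lower().endswith(".dll")}
    return sorted(e for e in os.listdir(app_dir) if e.lower() in system)

def demo():
    """Build a constructed layout in a temp dir and compare both policies."""
    with tempfile.TemporaryDirectory() as root:
        downloads = os.path.join(root, "Downloads")  # where the installer was saved
        system32 = os.path.join(root, "System32")    # stand-in for the system directory
        os.makedirs(downloads)
        os.makedirs(system32)
        for path in (os.path.join(downloads, "installer.exe"),
                     os.path.join(downloads, "Sample.DLL"),   # unexpected copy
                     os.path.join(system32, "sample.dll")):   # legitimate copy
            open(path, "wb").close()
        old = resolve_dll("sample.dll", downloads, system32, app_dir_first=True)
        new = resolve_dll("sample.dll", downloads, system32, app_dir_first=False)
        return {
            "old_policy_dir": os.path.basename(os.path.dirname(old)),
            "new_policy_dir": os.path.basename(os.path.dirname(new)),
            "flagged": shadowing_dlls(downloads, system32),
        }

if __name__ == "__main__":
    print(demo())
```

Running `shadowing_dlls` against a real download folder and the system directory gives a quick list of files to inspect before launching any installer from that folder.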

sec_bul_1.txt · Last modified: 2016/01/15 13:42 by tbertin