JpegX Authentication Bypass
Vendor: NerdLogic
Product: JpegX
Version: <= 2.0.3
Website: http://nerdlogic.org/jpegx/index.html
BID: 7298
Description:
Jpegx is a modern day application of steganography. It will encrypt and hide messages in jpeg files to provide ample medium for sending secure information. The images remain visually unchanged but the code inside is altered to hide your message. Anyone with the Jpegx program could read your message as long as they know the password that you encrypted it with.

Password Bypass Vulnerability:
JpegX is prone to a password bypass vulnerability. When no password credentials are supplied if using the JpegX wizard to decrypt, encrypted data contained in JPEG files JpegX will decipher the file regardless. This vulnerability may lead to sensitive information disclosure. Users should upgrade immediately.

Credits:
James Bercegay of the GulfTech Security Research Team.