Tuesday, July 11, 2006

MathCAD security vulnerability revealed

Like most interpreted systems, MathCAD suffers from the need to pass the source code of your work to others for them to be able to use it. Like many systems, it tackles this with an option to encrypt the source code and put it under password access control.

An analysis of the vulnerabilities of the MathCAD implementation was released a couple of days ago on a Russian "security" site.

The protection turns out to be shockingly simple to bypass. Essentially, open the file in a text editor, find the "is-locked" attribute and type "false". The article also describes how to change the content, fake the timestamp, and re-lock the file.

If you were relying on this to secure your property or control modification, consider your work now open-source and meddled with.

