Flaw in FileOpen Publisher for Adobe PDF

Flaw in FileOpen Publisher for Adobe PDF

am 23.09.2004 07:28:36 von mixmaster

FileOpen Publisher is a product which encrypts PDF files so that only "authorized"
users may open them with the proper code. This code is provided in the form
of an authorization string from the content provider of the PDF. There appears
to be a ridiculous flaw in at least one version of FileOpen that allows one
to unencrypt the PDF file without an authorization string, as follows:

Double-click to open the FileOpen-protected PDF file.

A dialog box is presented asking the user to enter the authorization string
for the file.

Minimize this dialog box. Then right-click the minimized box on the taskbar,
and select Close. FileOpen closes, but not without first decrypting the PDF
file as if the proper authorization string had been provided(!). I do not know
which versions are affected, but this should be tested by anyone with access
to FileOpen-protected PDF files, and a bug fix issued for the affected versions.