INFORMATION

Name : CVE-2008-3898 First Publication : 2008-09-03
Severity : Low Last Modification : 2009-08-26

SCORING CVSS v2

Cvss Base Score : 2.1 Attack Range : Local
Cvss Impact Score : 2.9 Attack Complexity : Low
Cvss Expoit Score : 3.9 Authentification : None Required

Calculate full CVSS 2.0 Vectors scores

DETAIL

Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.



CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-200 - Information Leak (Information Disclosure) (From NVD)
CPE COMMON PLATFORM ENUMERATION (from NVD)


OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

47898 : DriveCrypt Plus Pack BIOS Keyboard Buffer Local Password Disclosure.


SECONDARY(S) SOURCE(S)


Source : BID
Url : http://www.securityfocus.com/bid/30818

Source : BUGTRAQ
Url : http://www.securityfocus.com/archive/1/archive/1/495803/100/0/threaded

Source : MISC
Url : http://www.ivizsecurity.com/preboot-patch.html
Url : http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
Url : http://www.ivizsecurity.com/security-advisory-iviz-sr-0807.html

Source : SECUNIA
Url : http://secunia.com/advisories/31605

Source : SREASON
Url : http://securityreason.com/securityalert/4213