Executive Summary
Summary | |
---|---|
Title | CREDANT Mobile Guardian Shield fails to remove credentials from memory |
Informations | |||
---|---|---|---|
Name | VU#821865 | First vendor Publication | 2007-06-01 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-01 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#821865CREDANT Mobile Guardian Shield fails to remove credentials from memoryOverviewCREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents.I. DescriptionCREDANT Mobile Guardian (CMG) Shield is a component of Mobile Guardian Enterprise Edition. CMG Shield provides policy-based encryption of specified files. CMG Shield fails to properly clear credentials out of system memory. The default configuration for CMG Shield does not encrypt the Windows pagefile, which means that the credentials may be written to disk. Please see the CREDANT vendor statement below in this vulnerability note for more details.II. ImpactAn attacker with access to the contents of system memory may be able to retrieve the user's credentials, which can allow access to encrypted files.III. SolutionApply an updateThis issue is addressed in CMG Enterprise Edition 5.2.1 SP1, which was released on May 1, 2007. Please see the CREDANT support site to obtain the update. Details for this vulnerability are available in the support post titled "Vulnerability in Credant Mobile Guardian Shield for Windows."
References
Thanks to Michael Iacovacci for reporting this vulnerability. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/821865 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36524 | Credant Mobile Guardian Shield for Windows Cleartext Credential Disclosure |