Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Product Security

FSC-2014-3: Memory Dump Information Leak

 

Brief Description

Decrypted information is stored in plaintext in process memory.

 

Products

Risk Level: Medium (Low/Medium/High/Critical)

  • F-Secure Key

 

Platforms

Risk Level: Medium (Low/Medium/High/Critical)

  • Windows
  • Mac OS X

 

Notes

After gaining access to the victim's computer and performing a memory dump operation, it was found that decrypted user information is kept in the system memory in plaintext format. A successful exploitation of this would result in the attacker gaining access to victim’s sensitive information such as stored passwords.

 

Mitigating Factor

An attacker will need to gain access to victim’s computer prior to exploiting the vulnerability.

 

Fix Available

Product Versions        Download
F-Secure Key for Windows 1.5.145

Upgrade to version 1.5.145 or download the latest client from http://www.f-secure.com/en/web/home_global/key

 

F-Secure Key for Mac OS X 1.5.146

Upgrade to version 1.5.146 or download the latest client from http://www.f-secure.com/en/web/home_global/key

 

 

Credits

F-Secure Corporation would like to thank Mr. Joonas Viskari for bringing this issue to our attention.

 

Date Issued: 2014-05-09
Date Last Updated: 2014-05-09

Get Support online

For documentation and product support, visit our Support site.