1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA31605

DriveCrypt Plus Pack Password Disclosure Security Issue

Report ID: SA31605
Source: Secunia
Date of Discovery: 27.08.2008
Criticality: Low
Affects:
DriveCrypt Plus Pack 3.x
Compromise From: Local system
Compromise Type: Exposure of sensitive information

Summary

A security issue has been discovered in DriveCrypt Plus Pack, which can be exploited by malicious, local users to disclose sensitive information.

Detailed Description

A security issue has been discovered in DriveCrypt Plus Pack, which can be exploited by malicious, local users to disclose sensitive information.

The security issue is caused due to the BIOS keyboard buffer not being properly flushed when pre-boot authentication is used and can be exploited to disclose the used password.

The security issue is confirmed in version 3.9. Other versions may also be affected.

Solution

Grant only trusted users access to an affected system.

Do not use pre-boot authentication.