F-Secure
Tools
DriveCrypt Plus Pack Password Disclosure Security Issue
| Report ID: | SA31605 |
| Source: | Secunia |
| Date of Discovery: | 27.08.2008 |
| Criticality: | Low |
| Affects: | DriveCrypt Plus Pack 3.x |
| Compromise From: | Local system |
| Compromise Type: | Exposure of sensitive information |
Summary
A security issue has been discovered in DriveCrypt Plus Pack, which can be exploited by malicious, local users to disclose sensitive information.
Detailed Description
A security issue has been discovered in DriveCrypt Plus Pack, which can be exploited by malicious, local users to disclose sensitive information.
The security issue is caused due to the BIOS keyboard buffer not being properly flushed when pre-boot authentication is used and can be exploited to disclose the used password.
The security issue is confirmed in version 3.9. Other versions may also be affected.
The security issue is caused due to the BIOS keyboard buffer not being properly flushed when pre-boot authentication is used and can be exploited to disclose the used password.
The security issue is confirmed in version 3.9. Other versions may also be affected.
Solution
Grant only trusted users access to an affected system.
Do not use pre-boot authentication.
Do not use pre-boot authentication.