Security Advisories
FSC-2014-3: Memory Dump Information Leak
Description
Decrypted information is stored in plaintext in process memory.
Affected Products
- Risk Level (Low/Medium/High/Cricital) Medium
- F-Secure Key
Platforms
- Risk Level (Low/Medium/High/Cricital) Medium
- Windows
- Mac OS X
More Information
After gaining access to the victim's computer and performing a memory dump operation, it was found that decrypted user information is kept in the system memory in plaintext format. A successful exploitation of this would result in the attacker gaining access to victim's sensitive information such as stored passwords.
Mitigating Factor
An attacker will need to gain access to victim's computer prior to exploiting the vulnerability.
Fix Available
| Product | Versions | Fix |
|---|---|---|
| F-Secure Key for Windows | 1.5.145 | Upgrade to version 1.5.145 or download the latest client from https://www.f-secure.com/en/web/home_global/key |
| F-Secure Key for Windows | 1.5.146 | Upgrade to version 1.5.146 or download the latest client from https://www.f-secure.com/en/web/home_global/key |
Credits
F-Secure Corporation would like to thank Mr. Joonas Viskari for bringing this issue to our attention.
Date Issued: 2014-05-09
Date Last Updated: 2014-05-09