CVSS2: 4.6 Medium (AV:L/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

EPSS: 0.0004 Low (Percentile: 5.3%)

CREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents.
CREDANT Mobile Guardian (CMG) Shield is a component of Mobile Guardian Enterprise Edition. CMG Shield provides policy-based encryption of specified files. CMG Shield fails to properly clear credentials out of system memory. The default configuration for CMG Shield does not encrypt the Windows pagefile, which means that the credentials may be written to disk. Please see the CREDANT vendor statement below in this vulnerability note for more details.
An attacker with access to the contents of system memory may be able to retrieve the user’s credentials, which can allow access to encrypted files.
Apply an update
This issue is addressed in CMG Enterprise Edition 5.2.1 SP1, which was released on May 1, 2007. Please see the CREDANT support site to obtain the update. Details for this vulnerability are available in the support post titled “Vulnerability in Credant Mobile Guardian Shield for Windows.”
821865
Notified: April 17, 2007 Updated: June 01, 2007
Affected
`CREDANT Technologies takes security seriously and appreciates this opportunity
to explain how we addressed VU#821865. In addition to ongoing security reviews
by development and QA, CREDANT Mobile Guardian (CMG) is also subject to
periodic third party code reviews. Though preventing security vulnerabilities
is our primary goal, we are aware that issues can slip through, which is why we
frequently review both existing and new product functions and code.
Because we focus on data encryption, CREDANT has done significant work to
ensure on-going reviews around code and functions, including those supporting
authentication of authorized users. In addition to leveraging existing
Microsoft Windows domain authentication mechanisms, CREDANT’s development
process includes a variety of best practices to identify and quickly address
any issues that may be introduced whether they are a result of adding new
features or regular product maintenance. One of these best practices is the
requirement of internal peer audits any time a code change is made that could
interact with authentication credential processing. These reviews are designed
to check for a variety of issues and to ensure that we:
Per our procedures, passwords used by the Windows Shield were hashed before
being held in memory, but there were some instances where we failed to clear
the memory containing the original password used to create the hash. This
issue was identified in a regular internal code review and was confirmed by a
customer report on April 4, 2007 and by the CERT notification on April 17,
2007. CREDANT provided a test build fix to the reporting customer around April
19, 2007 and a final fix went into our CMG Enterprise Edition 5.2.1 SP1 release
on May 1, 2007. To prevent a recurrence of this issue, CREDANT also added some
core memory management functionality to our product to help ensure automatic
clearing of memory in many cases.
Our encryption policy defaults are generally off, which is driven by customer
demand that we allow them to decide what the acceptable risk is in their
environment. Though this drove our decision to set the “Encrypt Windows Paging
File” default policy to False, our documentation recommends changing this to
True when encryption is enabled. The CMG Administrator Help includes a section
of recommended policies by security level, where we suggest policy settings for
Low, Medium, and High security environments. The recommended value for “Encrypt
Windows Paging File” policy is True for all levels (High, Medium, and Low
security environments).`
The vendor has not provided us with any further information regarding this vulnerability.
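
The flaw the vendor statement describes, hashing a password but leaving the original in memory, is shown here beside the corrected pattern as an added C example; it is not CREDANT's code. The function names, the FNV-1a stand-in digest and the sample password are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Zero through a volatile pointer so the stores cannot be dropped as dead
   writes, as a plain memset() on a buffer that is never read again may be. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Bounded length of the password held in a fixed-size buffer. */
static size_t pw_len(const char *buf, size_t cap) {
    const char *nul = memchr(buf, 0, cap);
    return nul ? (size_t)(nul - buf) : cap;
}

/* Stand-in digest (FNV-1a) so the example is self-contained. It is NOT a
   password hash and not the product's algorithm (assumption). */
static uint64_t toy_digest(const char *s, size_t len) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < len; i++) { h ^= (unsigned char)s[i]; h *= 1099511628211ULL; }
    return h;
}

/* Before: the hash is kept, but the plaintext stays in the caller's buffer. */
uint64_t login_leaky(char *pw, size_t cap) {
    return toy_digest(pw, pw_len(pw, cap));
}
/* After: the whole buffer is wiped as soon as the hash has been derived. */
uint64_t login_wiped(char *pw, size_t cap) {
    uint64_t h = toy_digest(pw, pw_len(pw, cap));
    secure_wipe(pw, cap);
    return h;
}

/* Non-zero bytes left behind: what a memory or pagefile dump could still show. */
size_t residual_bytes(const char *buf, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i < cap; i++) n += (buf[i] != 0);
    return n;
}

int main(void) {
    char a[32] = "Constructed-Passw0rd", b[32] = "Constructed-Passw0rd"; /* constructed sample */
    login_leaky(a, sizeof a); login_wiped(b, sizeof b);
    printf("left behind: leaky=%zu wiped=%zu\n", residual_bytes(a, sizeof a), residual_bytes(b, sizeof b));
    return 0;
}
```

On Windows, `SecureZeroMemory()` provides the same non-elidable wipe. Wiping does not help once the page holding the password has already been written to an unencrypted pagefile, which is the exposure the “Encrypt Windows Paging File” policy addresses.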
Thanks to Michael Iacovacci for reporting this vulnerability.
This document was written by Will Dormann.
CVE IDs: | CVE-2007-2883 |
---|---|
Severity Metric: | 0.49 |
Date Public: | |