Lucene search

[email protected]CVE-2008-3899

HistorySep 03, 2008 - 2:12 p.m.

CVE-2008-3899

2008-09-0314:12:00

CWE-200

[email protected]

web.nvd.nist.gov

truecrypt

vulnerability

local users

sensitive information

bios

keyboard buffer

nvd

cve-2008-3899

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.

CPENameOperatorVersion
truecrypt_foundation:truecrypttruecrypt foundation truecrypteq5.0

CPE	Name	Operator	Version
truecrypt_foundation:truecrypt	truecrypt foundation truecrypt	eq	5.0

References

securityreason.com/securityalert/4203

www.ivizsecurity.com/preboot-patch.html

www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

www.securityfocus.com/archive/1/495805/100/0/threaded

6.6 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2008-3899

prion1 cvelist1