Design/Logic Flaw

2008-09-0314:12:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer. NOTE: the researcher mentions a response from the vendor denying the vulnerability.

CPENameOperatorVersion
truecrypteq5.0

CPE	Name	Operator	Version
	truecrypt	eq	5.0

References

securityreason.com/securityalert/4203

www.ivizsecurity.com/preboot-patch.html

www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

www.securityfocus.com/archive/1/495805/100/0/threaded