Microsoft BitLocker密码泄漏漏洞

CNCAN ID：CNCAN-2008090201 Microsoft BitLocker是一款微软开发的驱动器上进行完整卷加密，为数据提供额外的安全保护的应用程序。 Microsoft BitLocker存在设计问题，本地攻击者可以利用漏洞获得敏感信息。 Bitlocker预启动验证函数使用BIOS API读取通过用户的键盘输入，BIOS内部拷贝RAM结构中的击键，所谓的BIOS数据区中的BIOS键盘缓冲区。这个缓冲区在使用后没有被刷新，一旦操作系统完全重新引导可能导致敏感密码泄漏，这里假定攻击者可以在物理内存地址0x40:0x1e处读取密码。 Microsoft Windows...

[IVIZ-08-008] LILO Security Model bypass exploiting wrong BIOS API usage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- iViZ Security Advisory 08-008 25/08/2008 - ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com -...

[IVIZ-08-003] TrueCrypt Security Model bypass exploiting wrong BIOS API usage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- iViZ Security Advisory 08-003 25/08/2008 - ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com -...

[IVIZ-08-006] DiskCryptor Security Model bypass exploiting wrong BIOS API usage

----------------------------------------------------------------------- iViZ Security Advisory 08-006 25/08/2008 ----------------------------------------------------------------------- iViZ Techno Solutions Pvt. Ltd. http://www.ivizsecurity.com...