PT-2008-5231 · None · Diskcryptor

Published

2008-09-03

Updated

2018-10-11

CVE-2008-3897

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions DiskCryptor version 0.2.6

Description The issue allows local users to obtain sensitive information, specifically pre-boot authentication passwords, by reading physical memory locations associated with the BIOS Keyboard buffer. This is because the passwords are stored in this buffer and not cleared before and after use.

Recommendations For DiskCryptor version 0.2.6, consider clearing the BIOS Keyboard buffer after use to prevent sensitive information from being obtained. As a temporary workaround, restrict physical access to the system to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-3897

Affected Products

Diskcryptor

PT-2008-5231 · None · Diskcryptor

CVE-2008-3897

Weakness Enumeration

Related Identifiers

Affected Products

References · 5