PT-2008-5233 · Truecrypt · Truecrypt
Jonathan Brossard
·
Published
2008-09-03
·
Updated
2018-10-11
·
CVE-2008-3899
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TrueCrypt version 5.0
Description
The issue allows local users to obtain sensitive information by reading physical memory locations. This is due to the storage of pre-boot authentication passwords in the BIOS Keyboard buffer without properly clearing the buffer before and after use.
Recommendations
For TrueCrypt version 5.0, consider disabling the pre-boot authentication feature until a proper fix is implemented to clear the BIOS Keyboard buffer after use.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Truecrypt