Info

Disclosure

Feb 12, 2002

Discovery

Feb 02, 2002

Dates

Exploit

Feb 12, 2002

Solution

Unknown

Description

BioLogon contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when CTRL-ALT-DEL is issued at a logon screen, which grants an attacker access to the GINA (Graphical Identification and Authentication) interface. From this interface, the attacker can initiate browsing with SYSTEM privileges. It is possible that the flaw may allow arbitrary file access and modification resulting in a loss of confidentiality and/or integrity.

Classification

Location: Physical Access Required
Attack Type: Authentication Management
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Identix has released a patch to address this vulnerability.

Products

Identix

BioLogon

3.0

References

CVE ID: 2002-0268 (see also: NVD)
Bugtraq ID: 4101
ISS X-Force ID: 8201
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0136.html

Credit

Paul Roberts - paul.a.robertsstate.or.us - Oregon Department of Human Services

Direct URL: http://osvdb.org/36218