OSVDB ID: 85115 Title: UPEK Protector Suite Insecure Credential Storage Local Information Disclosure |
Info |
|
|
Dates |
||||
|
|
Description |
UPEK Protector Suite contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program stores credential information in the Windows registry with insufficient encryption. This may disclose credential information to a local attacker. |
Classification |
Location:
Physical Access Required
Attack Type: Information Disclosure Impact: Loss of Confidentiality Solution: Workaround Exploit: Exploit Private Disclosure: Uncoordinated Disclosure |
Solution |
Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Disable the Windows logon feature. |
Products |
|
Credit |
Unknown or Incomplete |