McAfee SafeBoot Device Encryption Plain Text Password Disclosure

September 25th, 2008 by admin in News, Password Info

The password checking routine of SafeBoot Device Encryption fails to sanitize the BIOS keyboard buffer after reading passwords, resulting in plain text password leakage to unprivileged local users.

Vulnerable Systems:
* SafeBoot Device Encryption version 4 Build 4750 and below

Immune Systems:
* SafeBoot Device Encryption version 4 Build 4760 and above
* SafeBoot Device Encryption version 5.x

SafeBoot’s pre-boot authentication routines use the BIOS API to read user input via the keyboard. The BIOS internally copies the keystrokes in a RAM structure called the BIOS Keyboard buffer inside the BIOS Data Area. This buffer is not flushed after use, resulting in potential plain text password leakage once the OS is fully booted, assuming the attacker can read the password at physical memory location 0x40:0x1e.

Leave a reply