


Category:   Application (Security)  >   Kaspersky Anti-Virus
Vendors:   Kaspersky Lab
Kaspersky Anti-Virus Authentication Process Can Be Bypassed By Local Users
SecurityTracker Alert ID:  1011479
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Oct 2 2004
Original Entry Date:  Oct 1 2004
Impact:   Modification of system information, Modification of user information
Exploit Included:  Yes  
Version(s): 5.0.149, 5.0.153
Description:   A vulnerability was reported in Kaspersky Anti-Virus. A local user can bypass the password protection to modify the configuration or disable the application.

c4p0ne reported that a local user can use an application such as RAMcleaner to load the 'KAV.exe' application without having to authenticate. The user can then modify the configuration settings.

The vendor has been notified without response.

Impact:   A local user can bypass the authentication process and modify configuration settings.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Authentication error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Tested only on Windows XP SP2

Message History:   None.

 Source Message Contents

Subject:  Kaspersky AntiVirus Window Caption GUI Bypass Vulnerability

I have discovered that the GUI part of KAV v5.0x (kav.exe) has a vulnerability that would allow any user to completely BYPASS the
 "password protection" in order to change settings or completely disable/exit KAV. There are dozens of shareware/freeware applications
 available on the internet that a user with malicious intentions could use to leverage this new vulnerability in KAV. The main 2 that
 I've tested so far are "Enabler" and "Ramcleaner" by and respectively.

Method Using RAMcleaner: Password protect the KAV interface. Open RAM Cleaner and click "task-cleaner", then select the KAV.exe process
 with the thread-caption "Kaspersky Anti-Virus Personal" and SIMPLY click "Activate Program". The password dialog will be COMPLETELY
 bypassed and ALL settings will be freely available for alteration INCLUDING changing the password, or subsequently using a generic
 password recovery utility to view the password in cleartext.

It has been nearly 2 1/2 weeks since I have sent multiple reports on this exploit to Kaspersky Labs and almost 2 months since I have
 discovered and verified it. I have received no response whatsoever, not even to tell me "your information has been noted". Perhaps
 the ability to fully disable your AV security measures by any old user that walks off the street into your place of business isn't
 considered a critical-enough exploit to warrant a reply.


