Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   McAfee VirusScan Vendors:   McAfee
McAfee VirusScan Lets Local Users Bypass the Password Protection Feature
SecurityTracker Alert ID:  1017791
SecurityTracker URL:
CVE Reference:   CVE-2007-1538   (Links to External Site)
Updated:  May 19 2008
Original Entry Date:  Mar 19 2007
Impact:   User access via local system
Exploit Included:  Yes  
Version(s): 8.5.0.i, possibly other versions
Description:   A vulnerability was reported in McAfee VirusScan. A local user can bypass the password protection feature.

A local user with write access to the Windows Registry can delete the UIP value from the registry to eliminate any password protection.

The UID value is stored in HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\ or HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion.

NtWaK0 reported this vulnerability.

The original advisory is available at:

3APA3A reported that unprivileged users do not have write access to the 'HKEY_LOCAL_MACHINE\Software' registry section and should not be able to overwrite the password key unless the McAfee software applies weaker than normal access controls on their registry entries.

Impact:   A local user can bypass the password protection feature.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Bypassing Mcafee Entreprise Password Protection

Date : 03/16/2007


Affected Product / OS
Product Name and Version: McAfee VirusScan Entreprise 8.5.0.i maybe older version too.

Tested on OS: Windows XP, 2003

Bug Type
Type: Bad Design
Bug Results
Bypass Password Protection

Bug Description
Mcafee virusscan Enterprise version allow you to lock the user interface using a password. A user write access windows registry.

The password is saved in UIP under the key HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection

Or it can be under

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion

If you remove the value of the UIP you will end up bypassing the password.

You can replace the value if you wish too with a known value, but why bother when you can remove the password.
I think this type of protection is not too secure. 


Peace to you all


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, LLC