SecurityTracker.com
Category:   Application (Security)  >   McAfee VirusScan
Vendors:   McAfee
McAfee VirusScan Lets Local Users Bypass the Password Protection Feature
SecurityTracker Alert ID:  1017791
SecurityTracker URL:  http://securitytracker.com/id/1017791
CVE Reference:   CVE-2007-1538
Updated:  May 19 2008
Original Entry Date:  Mar 19 2007
Impact:   User access via local system
Exploit Included:  Yes  
Version(s): 8.5.0.i, possibly other versions
Description:   A vulnerability was reported in McAfee VirusScan. A local user can bypass the password protection feature.

A local user with write access to the Windows Registry can delete the UIP value from the registry to eliminate any password protection.

The UIP value is stored in HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection\ or HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion.

NtWaK0 reported this vulnerability.

The original advisory is available at:

http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html

3APA3A reported that unprivileged users do not have write access to the 'HKEY_LOCAL_MACHINE\Software' registry section and should not be able to overwrite the password key unless the McAfee software applies weaker than normal access controls on their registry entries.
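
The access-control question raised in 3APA3A's comment can be checked directly on a host. The PowerShell below is an added example, not part of the advisory or of any McAfee tooling: it reports whether the UIP value exists under the two keys named above and whether any allow entry in the key's ACL grants ordinary users write-type rights. The list of low-privilege SIDs and the rights mask are assumptions.

```powershell
# Added audit example, not code from the advisory. Key paths and the UIP value
# name are copied from this page; the SID list and rights mask are assumptions.
$keys = @(
    'HKLM:\SOFTWARE\McAfee\DesktopProtection',
    'HKLM:\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion'
)

# Rights that allow deleting or overwriting a value, or rewriting the ACL/owner.
$R = [System.Security.AccessControl.RegistryRights]
$writeMask = [int]($R::SetValue -bor $R::CreateSubKey -bor $R::Delete -bor
                   $R::ChangePermissions -bor $R::TakeOwnership)
$writeMask = $writeMask -bor 0x50000000   # raw GENERIC_WRITE | GENERIC_ALL ACEs

# Well-known SIDs that cover ordinary, non-administrative users.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-4'      = 'INTERACTIVE'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # A missing UIP value means the interface lock is not (or no longer) set.
    $uipPresent = $null -ne (Get-Item -LiteralPath $key).GetValue('UIP', $null)

    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = (Get-Acl -LiteralPath $key).GetAccessRules($true, $true, $sidType)
    $weak = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $lowPriv.ContainsKey($_.IdentityReference.Value) -and
        (([int]$_.RegistryRights -band $writeMask) -ne 0)
    })

    [pscustomobject]@{
        Key            = $key
        UIPPresent     = $uipPresent
        WritableByUser = $weak.Count -gt 0
        WeakEntries    = ($weak | ForEach-Object {
            '{0}: {1}' -f $lowPriv[$_.IdentityReference.Value], $_.RegistryRights
        }) -join '; '
    }
}
```

Only allow entries are evaluated, so a key flagged here should still be confirmed against any deny entries in its ACL before it is treated as writable.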

Impact:   A local user can bypass the password protection feature.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.mcafee.com/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Bypassing McAfee Enterprise Password Protection

Date: 03/16/2007

URL: http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html

 
Affected Product / OS
=====================
Product Name and Version: McAfee VirusScan Enterprise 8.5.0.i, maybe older versions too.

Tested on OS: Windows XP, 2003

Bug Type
========
Type: Bad Design
 
Bug Results
===========
Bypass Password Protection

Bug Description
===============
McAfee VirusScan Enterprise allows you to lock the user interface using a password. A user write access Windows registry.

The password is saved in UIP under the key HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection

Or it can be under

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion


If you remove the value of the UIP you will end up bypassing the password.


You can also replace the value with a known value if you wish, but why bother when you can remove the password?
I think this type of protection is not too secure.


Proof-Of-Concept
================
http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html


Peace to you all

 
 



Copyright 2019, SecurityGlobal.net LLC