Credant Mobile Guardian Shield up to 5.2.1.105 cleartext storage
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
A vulnerability, which was classified as problematic, has been found in Credant Mobile Guardian Shield up to 5.2.1.105. Affected by this issue is an unknown code. The manipulation with an unknown input leads to a cleartext storage vulnerability. Using CWE to declare the problem leads to CWE-312. The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Impacted is confidentiality, integrity, and availability. CVE summarizes:
Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.
The weakness was disclosed 05/06/2007 by Mike as confirmed advisory (CERT.org). The advisory is shared for download at kb.cert.org. This vulnerability is handled as CVE-2007-2883 since 05/29/2007. The exploitation is known to be easy. The attack needs to be approached locally. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available. The MITRE ATT&CK project declares the attack technique as T1555.
The vulnerability is also documented in the vulnerability database at X-Force (34487).
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.9VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.9
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cleartext storageCWE: CWE-312 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Local: Yes
Remote: No
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
05/06/2007 🔍05/24/2007 🔍
05/25/2007 🔍
05/25/2007 🔍
05/29/2007 🔍
05/29/2007 🔍
03/15/2015 🔍
10/26/2017 🔍
Sources
Advisory: kb.cert.orgResearcher: Mike
Status: Confirmed
CVE: CVE-2007-2883 (🔍)
X-Force: 34487 - Credant Mobile Guardian Shield paging file information disclosure
SecurityFocus: 24139 - Credant Mobile Guardian Shield Information Disclosure Vulnerability
Secunia: 25410 - Credant Mobile Guardian Shield for Windows Information Disclosure, Not Critical
OSVDB: 36524 - Credant Mobile Guardian Shield for Windows Cleartext Credential Disclosure
Entry
Created: 03/15/2015 15:58Updated: 10/26/2017 09:11
Changes: 03/15/2015 15:58 (53), 10/26/2017 09:11 (8)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.