JumpDrive Secure Safe Guard obtain password
jumpdrive-safeguard-obtain-password (17342)
Description:
JumpDrive Secure could allow a local attacker to obtain sensitive information because of a vulnerability in the Safe Guard application, the software that lets users divide the drive into a public zone and a private, password-protected zone. A local attacker could view the password on the device or from within memory and gain unauthorized access to the victim's files in the private zone.
Platforms Affected:
- Lexar, JumpDrive Secure 1.0
Remedy:
No remedy available as of June 27, 2009.
Consequences:
Obtain Information
References:
- @stake, Inc. Security Advisory a091304-1, Lexar JumpDrive Secure(tm) Password Extraction at http://www.webproxy.com/research/advisories/2004/a091304-1.txt.
- Lexar Web site, JumpDrive® Secure USB Flash Drive at http://www.lexar.com/jumpdrive/jd_secure.html.
- BID-11162: Lexar JumpDrive Secure USB Flash Drive Insecure Password Storage Vulnerability
- CVE-2004-0838: Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive.
- SA12522: Lexar JumpDrive Secure Password Disclosure Security Issue
Reported:
Sep 13, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
