CERT Coordination Center

CREDANT Mobile Guardian Shield fails to remove credentials from memory

Vulnerability Note VU#821865

Original Release Date: 2007-06-01 | Last Revised: 2007-06-01

Overview

CREDANT Mobile Guardian Shield fails to properly remove credentials from memory, which may allow an attacker to obtain access to the Windows domain and encrypted drive contents.

Description

CREDANT Mobile Guardian (CMG) Shield is a component of Mobile Guardian Enterprise Edition. CMG Shield provides policy-based encryption of specified files. CMG Shield fails to properly clear credentials out of system memory. The default configuration for CMG Shield does not encrypt the Windows pagefile, which means that the credentials may be written to disk. Please see the CREDANT vendor statement below in this vulnerability note for more details.
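The failure pattern, as the vendor statement in this note describes it (the hash is kept, but the buffer holding the original password is not cleared), shown beside a corrected form. This is an added example, not CREDANT's code; the function names, the FNV-1a placeholder digest and the sample password are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Volatile stores: a plain memset() on a dead buffer may be optimized out. */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) *p++ = 0;
}

/* Placeholder digest (FNV-1a), an assumption: the note names no hash. */
static uint64_t toy_digest(const unsigned char *d, size_t n) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < n; i++) { h ^= d[i]; h *= 0x100000001b3ULL; }
    return h;
}

/* Flawed: the hash is kept, but the original password stays in work[]. */
static int derive_leaky(const char *pw, unsigned char *work, size_t cap, uint64_t *out) {
    size_t n = strlen(pw);
    if (n > cap) return -1;
    memcpy(work, pw, n);
    *out = toy_digest(work, n);
    return 0;
}

/* Corrected: the working buffer is wiped on every exit path. */
static int derive_wiped(const char *pw, unsigned char *work, size_t cap, uint64_t *out) {
    size_t n = strlen(pw);
    int rc = -1;
    if (n <= cap) { memcpy(work, pw, n); *out = toy_digest(work, n); rc = 0; }
    secure_wipe(work, cap);
    return rc;
}

/* Regression check: returns 1 if `needle` still appears anywhere in buf. */
static int residue_present(const unsigned char *buf, size_t cap, const char *needle) {
    size_t n = strlen(needle);
    for (size_t i = 0; n && i + n <= cap; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char work[64] = {0};
    uint64_t a = 0, b = 0;
    const char *pw = "Constructed-Pw-1"; /* constructed sample value */
    int leaked = !derive_leaky(pw, work, sizeof work, &a) && residue_present(work, sizeof work, pw);
    int clean = !derive_wiped(pw, work, sizeof work, &b) && !residue_present(work, sizeof work, pw);
    return !(leaked && clean && a == b);
}
```

On Windows, `SecureZeroMemory` fills the role of `secure_wipe`, and enabling the "Encrypt Windows Paging File" policy covers copies that were paged out before the wipe.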

Impact

An attacker with access to the contents of system memory may be able to retrieve the user's credentials, which can allow access to encrypted files.

Solution

Apply an update

This issue is addressed in CMG Enterprise Edition 5.2.1 SP1, which was released on May 1, 2007. Please see the CREDANT support site to obtain the update. Details for this vulnerability are available in the support post titled "Vulnerability in Credant Mobile Guardian Shield for Windows."

Vendor Information

CREDANT Technologies, Inc. Affected

Notified: April 17, 2007 | Updated: June 01, 2007

Status

Affected

Vendor Statement

CREDANT Technologies takes security seriously and appreciates this opportunity
to explain how we addressed VU#821865. In addition to ongoing security reviews
by development and QA, CREDANT Mobile Guardian (CMG) is also subject to
periodic third party code reviews. Though preventing security vulnerabilities
is our primary goal, we are aware that issues can slip through, which is why we
frequently review both existing and new product functions and code.

Because we focus on data encryption, CREDANT has done significant work to
ensure on-going reviews around code and functions, including those supporting
authentication of authorized users. In addition to leveraging existing
Microsoft Windows domain authentication mechanisms, CREDANT's development
process includes a variety of best practices to identify and quickly address
any issues that may be introduced whether they are a result of adding new
features or regular product maintenance. One of these best practices is the
requirement of internal peer audits any time a code change is made that could
interact with authentication credential processing. These reviews are designed
to check for a variety of issues and to ensure that we:

- hold credentials in memory for the least amount of time possible
- create a hash of any credentials that must be held in memory
- zero out any memory immediately after processing authentication credentials

Per our procedures, passwords used by the Windows Shield were hashed before
being held in memory, but there were some instances where we failed to clear
the memory containing the original password used to create the hash.  This
issue was identified in a regular internal code review and was confirmed by a
customer report on April 4, 2007 and by the CERT notification on April 17,
2007.  CREDANT provided a test build fix to the reporting customer around April
19, 2007 and a final fix went into our CMG Enterprise Edition 5.2.1 SP1 release
on May 1, 2007. To prevent a recurrence of this issue, CREDANT also added some
core memory management functionality to our product to help ensure automatic
clearing of memory in many cases.

Our encryption policy defaults are generally off, which is driven by customer
demand that we allow them to decide what the acceptable risk is in their
environment. Though this drove our decision to set the "Encrypt Windows Paging
File" default policy to False, our documentation recommends  changing this to
True when encryption is enabled. The CMG Administrator Help includes a section
of recommended policies by security level, where we suggest policy settings for
Low, Medium, and High security environments. The recommended value for "Encrypt
Windows Paging File" policy is True for all levels (High, Medium, and Low
security environments).

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Acknowledgements

Thanks to Michael Iacovacci for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2007-2883
Severity Metric: 0.49
Date Public: 2007-05-24
Date First Published: 2007-06-01
Date Last Updated: 2007-06-01 14:16 UTC
Document Revision: 4

Sponsored by CISA.