exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Atstake Security Advisory 04-09-13.1

Atstake Security Advisory 04-09-13.1
Posted Sep 15, 2004
Authored by Atstake, Katie Moussouris, Luis Miras | Site atstake.com

Atstake Security Advisory A091304-1 - JumpDrive Secure(tm) Version 1.0 and Lexar Safe Guard(tm) software fail to securely store the device's password. The password is located on the JumpDrive device. It can be read directly from the device without any authentication. It is stored in an XOR encrypted form and can be read directly from the device without any authentication.

tags | advisory
SHA-256 | 19e3c98687b101bb6f65531e4ac0c37464aec24b77de3b222fbb5a7d29c84e77

Atstake Security Advisory 04-09-13.1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


@stake, Inc.
www.atstake.com
Security Advisory

Advisory Name: Lexar JumpDrive Secure(tm) Password Extraction
Release Date: 09-13-2004
Application: JumpDrive Secure(tm) Version 1.0 and Lexar Safe
Guard(tm) software
Platform: Windows and Mac
Severity: An attacker can extract the password from the
Lexar JumpDrive Secure and access the private
partition.
Authors: Katie Moussouris <kmoussouris@atstake.com>
Luis Miras <lmiras@intrusion.com>
Vendor Status: Contacted, No response
CVE Candidate: CVE Candidate number applied for
Reference: www.atstake.com/research/advisories/2004/a091304-1.txt


Overview:

- From the User Guide:
"Lexar Safe Guard(tm) is an application that allows you to password
protect private files on your Lexar Jump Drive. Safe Guard allows
you to divide your JumpDrive into two different areas, or zones.
The public zone, which comes up automatically when you insert your
Jump Drive into a USB port on your computer, is accessible by any
one using your drive. The private zone is password-protected and no
one can open, copy, or write files to it without entering the
password first."

There is a method of accessing the private zone on the JumpDrive
Secure device without knowing the password beforehand. The
password can be observed in memory or read directly from the
device, without evidence of tampering. All data thought to be
secure in the private zone can be accessed, altered, or deleted
arbitrarily by an attacker with physical access to the device.


Details:

The password is located on the JumpDrive device. It can be read
directly from the device without any authentication. It is stored
in an XOR encrypted form and can be read directly from the device
without any authentication.

It is also possible to attach a debugger to the Safe Guard
software and read the password from memory. The Safe Guard
software takes care of the decryption and the password can be
seen in plain text within memory when the software does a
compare between the stored password and the supplied password.


Vendor Response:

08-05-2004 Vendor contacted via email to support@lexarmedia.com
No response.
08-12-2004 Vendor contacted again via email to support, sales
Public Relations, Investor Relations, and general
inquiry email addresses.
08-12-2004 Automated response from support received
09-13-2004 No further response from vendor, advisory released

Vendor has not acknowledged issue or produced a fix.


Recommendation:

Users of this device should not trust the security of the
private partition if the device is not in their possession.


Common Vulnerabilities and Exposures (CVE) Information:

The Common Vulnerabilities and Exposures (CVE) project has
assigned the following names to these issues. These are
candidates for inclusion in the CVE list (http://cve.mitre.org),
which standardizes names for security problems.

CAN-2004-XXXX Lexar JumpDrive Secure(tm) Password Extraction


@stake Vulnerability Reporting Policy:
http://www.atstake.com/research/policy/

@stake Advisory Archive:
http://www.atstake.com/research/advisories/

PGP Key:
http://www.atstake.com/research/pgp_key.asc

Copyright 2004 @stake, Inc. All rights reserved.


-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQUXWdke9kNIfAm4yEQIsbACggguUCcKRk1eoz2yRk/hqbYEFH7YAoLjW
2PPdcVbM2ucT2L8NUZ2c0AYe
=KdSu
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close