BID:30630

McAfee Encrypted USB Manager Remote Security Bypass Vulnerability

Info

McAfee Encrypted USB Manager Remote Security Bypass Vulnerability

Bugtraq ID:	30630
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2008-3605
Remote:	Yes
Local:	No
Published:	Aug 11 2008 12:00AM
Updated:	May 07 2015 05:25PM
Credit:	McAfee
Vulnerable:	McAfee Encrypted USB Manager 3.1 .0

Not Vulnerable:	McAfee Encrypted USB Manager 3.1.1 .0 McAfee Encrypted USB Manager 3.1 .15

Discussion

McAfee Encrypted USB Manager Remote Security Bypass Vulnerability

McAfee Encrypted USB Manager is prone to a security-bypass vulnerability.

Attackers can exploit this issue to bypass certain security restrictions and perform an offline password-guessing attack.

This issue affects McAfee Encrypted USB Manager 3.1.0.0; other versions may also be affected.

Exploit / POC

McAfee Encrypted USB Manager Remote Security Bypass Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

McAfee Encrypted USB Manager Remote Security Bypass Vulnerability

Solution:
The vendor has released a fix. Please see the references for more information.

McAfee Encrypted USB Manager 3.1 .0

McAfee ServicePack1-McAfeeEncryptedUSBManagerv3.zip
http://download.nai.com/products/patches/EncryptedUSB/ServicePack1-McA feeEncryptedUSBManagerv3.zip

References

McAfee Encrypted USB Manager Remote Security Bypass Vulnerability

References:

McAfee Encrypted USB Homepage (McAfee)
McAfee Service Pack 1 for McAfee Encrypted USB Manager v3.1 (McAfee)