Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability

Bugtraq ID:	30771
Class:	Design Error
CVE:	CVE-2008-3775
Remote:	No
Local:	Yes
Published:	Aug 20 2008 12:00AM
Updated:	May 07 2015 05:24PM
Credit:	Charalambous Glafkos and George Nicolaou
Vulnerable:	NewSoftwares.net Folder Lock 5.9.5
Not Vulnerable:

Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability

Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner.

A local attacker can exploit this issue to obtain passwords used by the application, which may aid in further attacks.

Folder Lock 5.9.5 is vulnerable; other versions may also be affected.

Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability

Attackers need local, interactive access to a vulnerable computer to exploit this issue.

The following exploit code is available:

• /data/vulnerabilities/exploits/30771.cs

Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability

References:

• Folder Lock Homepage (NewSoftwares.net)
  
• Folder Lock <= 5.9.5 Local Password Information Disclosure ([email protected])