Vendor: FileGuard
By: SecurityFocus
CVSS: 5.1 (MEDIUM)
Weak Password Encryption
CWE: 326
Product Name: FileGuard
Affected Version From: 7
Affected Version To: 9.1
Patch Exists: YES
Related CWE: N/A
CPE: a:intego:fileguard
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mac OS
2002
Intego FileGuard Weak Password Encryption Vulnerability
Intego FileGuard is a commercial access control utility for Mac OS versions 7-9.1. Its functionality includes the ability to enforce privileges, log activities, manage user accounts, restrict access by time, etc. However, a vulnerability exists that allows a local user to circumvent those controls and elevate privileges: a weak algorithm is used to encrypt the stored passwords. mSec has released a tool called Disengage, which will attempt to decrypt passwords, provided circumstances exist which allow Disengage to work. Passwords for Intego DiskGuard may also be decrypted in this manner.
Mitigation:
Ensure that the latest version of Intego FileGuard is installed and that all passwords are strong and complex.