Emergency Password Feature Exploit
Vendor: On Guard
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 287
Product Name: On Guard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: MacOS
2002

On Guard Emergency Password Feature Exploit

On Guard, a security program for MacOS, includes an emergency password feature in the event that the administrative password is lost or forgotten. If the user name 'emergency' is entered, On Guard will generate an Emergency Code. The user must then call Power On Software, and after registration validation is done, provide the Emergency Code. Power On Software will then provide an emergency password. However, the method used to generate this emergency password has been reverse engineered, and an exploit is publicly available that will automatically generate the emergency password with no phone call.

Mitigation:

Users should ensure that they are running the latest version of On Guard, and should not rely on the emergency password feature.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/553/info

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19439.sit