CVE-2007-2883 - Vulnerability Details - OpenCVE

Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Credant	Credant Mobile Guardian Shield - Windows

Configuration 1 [-]

cpe:2.3:a:credant:credant_mobile_guardian_shield_-_windows:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/36524
http://secunia.com/advisories/25410
http://securityreason.com/securityalert/2753
http://www.kb.cert.org/vuls/id/821865
http://www.securityfocus.com/archive/1/469486/100/0/threaded
http://www.securityfocus.com/bid/24139
https://exchange.xforce.ibmcloud.com/vulnerabilities/34487

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-30T01:00:00

Updated: 2024-08-07T13:57:54.216Z

Reserved: 2007-05-29T00:00:00

Link: CVE-2007-2883

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-05-30T01:30:00.000

Modified: 2024-11-21T00:31:53.470

Link: CVE-2007-2883

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "VU#821865", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/821865"}, {"name": "20070524 Vulnerability in Credant Mobile Guardian Shield for Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/469486/100/0/threaded"}, {"name": "36524", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36524"}, {"name": "2753", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2753"}, {"name": "25410", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25410"}, {"name": "24139", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24139"}, {"name": "mobileguardianshield-paging-info-disclosure(34487)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2883", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#821865", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/821865"}, {"name": "20070524 Vulnerability in Credant Mobile Guardian Shield for Windows", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/469486/100/0/threaded"}, {"name": "36524", "refsource": "OSVDB", "url": "http://osvdb.org/36524"}, {"name": "2753", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2753"}, {"name": "25410", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25410"}, {"name": "24139", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24139"}, {"name": "mobileguardianshield-paging-info-disclosure(34487)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:57:54.216Z"}, "title": "CVE Program Container", "references": [{"name": "VU#821865", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/821865"}, {"name": "20070524 Vulnerability in Credant Mobile Guardian Shield for Windows", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/469486/100/0/threaded"}, {"name": "36524", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/36524"}, {"name": "2753", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2753"}, {"name": "25410", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/25410"}, {"name": "24139", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/24139"}, {"name": "mobileguardianshield-paging-info-disclosure(34487)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2883", "datePublished": "2007-05-30T01:00:00", "dateReserved": "2007-05-29T00:00:00", "dateUpdated": "2024-08-07T13:57:54.216Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:credant:credant_mobile_guardian_shield_-_windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2840A920-3D9E-41F0-93FE-69ABCAD8D67F", "versionEndIncluding": "5.2.1.105", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier stores account names and passwords in plaintext in memory, which allows local users to obtain sensitive information by (1) reading the paging file or (2) dumping and searching the memory image. NOTE: This issue crosses privilege boundaries because the product is intended to protect the data on a stolen computer."}, {"lang": "es", "value": "Credant Mobile Guardian Shield para Windows 5.2.1.105 y anteriores almacena nombres de cuenta y contrase\u00f1as en texto plano en memoria, lo cual permite a usuarios locales obtener informaci\u00f3n sensible (1) leyendo el archivo de paginaci\u00f3n o (2) volcando una imagen de memoria y buscando. NOTA: este problema cruza l\u00edmites de privilegios porque el producto pretende proteger los datos en una computadora robada."}], "evaluatorSolution": "This issue is addressed in patch version 5.2.1.125 of this product.", "id": "CVE-2007-2883", "lastModified": "2024-11-21T00:31:53.470", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-30T01:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36524"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25410"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2753"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/821865"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/469486/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24139"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36524"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25410"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2753"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/821865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/469486/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/24139"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34487"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}