TrueCrypt Multiple Vulnerabilities

2014-04-14 / 2014-04-17
Credit: iSEC
Risk: High
Local: Yes
Remote: No
CWE: N/A

1. Weak Volume Header key derivation algorithm 2. Sensitive information might be paged out from kernel stacks 3. Multiple issues in the bootloader decompressor 4. Windows kernel driver uses memset() to clear sensitive data 5. TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG kernel pointer disclosure 6. IOCTL_DISK_VERIFY integer overflow 7. TC_IOCTL_OPEN_TEST multiple issues 8. MainThreadProc() integer overflow 9. MountVolume() device check bypass 10. GetWipePassCount() / WipeBuffer() can cause BSOD 11. EncryptDataUnits() lacks error handling Read more: https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf

Referencje:

https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top