lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <D1A45C664A2CCA4FB42F834834B3E7CB0164C359@siebe001.apac.nokia.com>
Date: Mon, 21 Apr 2003 12:10:43 +0800
From: <Leonard.Ong@...ia.com>
To: <bugtraq@...urityfocus.com>
Subject: ACER Travelmate 600 and 800 series - Smartcard flawed Implementation



Background
-------------------

Acer Travelmate 600, 800 series notebooks include a smartcard reader, two smartcards and a security application called Platinum Secure.  The smart card security system  should prevent access to the console while the smartcard is not present or when password has not been entered. However, with a simple test, a limited access is possible to bypass the security system.

Vulnerable systems
-------------------------------

All Travelmate notebooks 600, and 800 series that has smartcard security system installed (Platinum Secret). This includes the latest notebooks 650XCI/LCI, Centrino-based 800XCI,LCI.  These notebooks are running old Platinum Secret version 1.0.84.  It is unknown whether the newest version 2.6.1 (Available from the vendor 360Degreeweb.com) would have fixed the issue.  The software is not available for retail, and only sold through OEM or Corporate channel.

Vulnerability
--------------------

1. When smartcard is not present and Platinum Key enabled (prevent access without smartcard), it is possible to access the console by :
a. Pressing Control-Escape multiple times, this will give the attacker few seconds of Windows Task Bar. Each time will give attacker 1-3 seconds of console display
b. Upon seeing Windows Task Bar, Confidentiality is breached by providing information of frequently accessed application, history of find and Run command, Access to Start menu
c. It is possible to click on the frequently accessed application, and run the application

2. If the host can be compromised via network (Windows networking, Trojan, etc) to install a certain application, and somehow create a shortcut for that program to be displayed under most frequently used application.  The attacker can press Control-Escape and click on that shortcut to run the exploit for further compromise (file server to transfer file, etc )

3. This is further possible for lack of security awareness by leaving desktop turned on (even locked with smartcard) and leave it connected network or lack of physical security

Vendor Response
---------------------------

Acer Singapore has been advised for at least three weeks, and they can't commit to provide any upgrade or solution for this.  Hence the purpose of this advisory to eliminate the sense of false security of Notebook owners by having two factor security on the notebook.  It also shows that the vendor is not committed to mitigate the vulnerability.

Disclaimer
The information in this bulletin is provided "AS IS" without warranty of any kind. 
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. 




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ