Bugtraq mailing list archives

Utimaco Safeguard Easy vulnerability
From: boomboom999 () yahoo com
Date: 13 Oct 2006 02:49:19 -0000

Hello guys,

At this moment our company is looking for software to encrypt whole disk drives on laptops.

I see that many companies and government institutions use Utimaco Safeguard Easy.

First, we looked at this software as well.

However, it seems that the tool that is supposed to make laptops more secure has some serious problems related to password and key distribution.

For deployment in big companies, Utimaco recommends implementing centralized management.
The management is done via CFG-files that are pushed via SMS, Active Directory or otherwise.

These CFG files contain encryption keys for hard disks and floppy, as well as user passwords and backup passwords for recovery.

The content of the file is supposedly "encrypted" as Utimaco's manual says. However, it seems that the encryption keys are hardcoded directly in the EXE file. So, they are easily recoverable and all these CFG files can be easily compromised.

I am just wondering whether it has been discussed here and someone else has seen this problem before?

I know that many government and bank institutions use this product. Am I the only person to see this security hole?

Thank you

boom

