Credit:
The information has been provided by Symantec.
Vulnerable Systems:
* Password Safe version 2.11
* Password Safe version 2.16
* Password Safe version 3.0BETA1
Immune Systems:
* Password Safe version 3.01
Password Safe can be configured to lock the password database when the workstation is locked or after a set period of idle time, to prevent unauthorized access to the database contents. When the following dialogue windows are left open in the application, the database will not lock on either of these preconfigured events:
File > New Database
File > Open Database
File > Save As
File > Export To
File > Import From
File > Merge Database
Edit > Add Entry
Edit > Edit/View Entry
Manage > Change Safe Combination
Manage > Make Backup
Manage > Restore from Backup
Help > About Password Safe
Because the password database does not lock as configured, its contents may be at risk of compromise by an attacker with access to the workstation.
Vendor Response:
The above vulnerability was addressed for the affected platforms in Password Safe 3.01.
Customers can download the latest version of Password Safe from the following website: https://sourceforge.net/projects/passwordsafe/
If there are any further questions about this statement, please contact ronys AT users.sourceforge DOT net.
Recommendation:
Follow your organization's testing procedures before applying patches or workarounds. Customers should upgrade to Password Safe 3.01 or higher as soon as possible.
CVE Information:
CVE-2006-3675