ID CVE-2002-0788
Summary An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
References
Vulnerable Configurations
  • cpe:2.3:a:pgp:freeware:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:pgp:freeware:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pgp:corporate_desktop:7.1:*:*:*:*:*:*:*
    cpe:2.3:a:pgp:corporate_desktop:7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pgp:personal_security:7.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:pgp:personal_security:7.0.3:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 08-02-2024 - 20:13)
Impact:
Exploitability:
CWE CWE-459
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 4702
bugtraq 20020508 NTFS and PGP interact to expose EFS encrypted data
confirm http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
osvdb 4363
xf pgp-ntfs-reveal-data(9044)
Last major update 08-02-2024 - 20:13
Published 12-08-2002 - 04:00
Last modified 08-02-2024 - 20:13
Back to Top