Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0788

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2002-0788
Last Modified 03 Aug 2013 12:27:27
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0788

Summary

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

Vulnerable Systems

Application

  • Pgp Corporate Desktop 7.1

  • Pgp Freeware 7.0.3

  • Pgp Personal Security 7.0.3


References

BID - 4702

XF - pgp-ntfs-reveal-data(9044)

BUGTRAQ - 20020508 NTFS and PGP interact to expose EFS encrypted data

CONFIRM - http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt

OSVDB - 4363


Last Updated: 27 May 2016 10:37:04