Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4175

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-4175
Last Modified 10 Sep 2008 03:51:12
Published 11 Dec 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4175

Summary

Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Vulnerable Systems

Application

  • Insyde Bios V190


References

CERT-VN - VU#847537

BID - 15751

BUGTRAQ - 20051213 Bios Information Leakage

MISC - http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt

MISC - http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

MISC - http://www.ivizsecurity.com/preboot-patch.html


Last Updated: 27 May 2016 10:41:12