Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4176

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-4176
Last Modified 10 Sep 2008 03:51:13
Published 11 Dec 2005 04:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-4176

Summary

AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Vulnerable Systems


References

CERT-VN - VU#847537

BID - 15751

BUGTRAQ - 20051213 Bios Information Leakage

MISC - http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt

MISC - http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

MISC - http://www.ivizsecurity.com/preboot-patch.html


Last Updated: 27 May 2016 10:41:12