Vigil@nce - Symantec Endpoint Encryption: information disclosure via Client Memory Dump
December 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can force a Memory Dump of Symantec Endpoint
Encryption, in order to obtain sensitive information, to access to
SEE Management Server.
Impacted products: Symantec Endpoint Encryption.
Severity: 1/4.
Creation date: 15/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Symantec Endpoint Encryption product is installed on client
computers, and stores the password to access to SEEMS (SEE
Management Server).
However, an attacker can dump the process memory, and read this
credentials.
A local attacker can therefore force a Memory Dump of Symantec
Endpoint Encryption, in order to obtain sensitive information, to
access to SEE Management Server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN