Google has published details of a critical vulnerability in TrueCrypt which allows a local attacker with access to the system can increase its privileges. Although the vulnerability does not affect the encryption TrueCrypt offers the leak was in the news.
Last year, private developers of TrueCrypt namely to stop supporting the encryption software. Nevertheless, for many users continues to be the preferred option for encrypting files as well as complete systems. Because the support is stopped are found vulnerabilities not fixed. Google researcher James Forshaw recently reported two vulnerabilities in TrueCrypt and secondary Vera Crypt, which still supported.
The first vulnerability is dangerous because someone with a limited user account system or kernel rights can get. The second vulnerability allows an unauthorized user to disconnect an active use TrueCrypt volume. To use either leak must be able to log into an attacker's computer. In addition, it is not possible to decrypt the information via vulnerabilities.
Audit
The vulnerability was also notable because TrueCrypt last year was audited, but this problem was not found. According Forshaw this can be explained because the attack vector that he used was not known to the researchers. In addition, the code of Windows Drivers usually did not exceed out by an attacker, in which this vulnerability is the case. The way Windows through the years with drivers and symbolic links' minds are changed by Microsoft. This However, Microsoft has not been well documented, says Forshaw. According to the researcher, it is therefore difficult to blame both the TrueCrypt developers and auditors that these types of vulnerabilities through slip.
No comments:
Post a Comment