Vulnerability Name:
CVE-2005-4175 (CCN-24828)
Assigned:
2005-12-11
Published:
2005-12-11
Updated:
2018-10-19
Summary:
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
CVSS v3 Severity:
4.0 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
2.1 Low
(CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
)
1.6 Low
(Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
2.1 Low
(CCN CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
)
1.6 Low
(CCN Temporal CVSS v2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Local
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Obtain Information
References:
Source: CCN
Type: BugTraq Mailing List, Mon Dec 12 2005 - 23:25:11 CST
Bios Information Leakage
Source: MITRE
Type: CNA
CVE-2005-4175
Source: MITRE
Type: CNA
CVE-2005-4176
Source: MITRE
Type: CNA
CVE-2008-3893
Source: MITRE
Type: CNA
CVE-2008-3894
Source: MITRE
Type: CNA
CVE-2008-3895
Source: MITRE
Type: CNA
CVE-2008-3896
Source: MITRE
Type: CNA
CVE-2008-3897
Source: MITRE
Type: CNA
CVE-2008-3898
Source: MITRE
Type: CNA
CVE-2008-3899
Source: MITRE
Type: CNA
CVE-2008-3900
Source: MITRE
Type: CNA
CVE-2008-3901
Source: MITRE
Type: CNA
CVE-2008-3902
Source: CCN
Type: SA31605
DriveCrypt Plus Pack Password Disclosure Security Issue
Source: CCN
Type: SA31619
Microsoft BitLocker Password Disclosure Security Issue
Source: CCN
Type: INTEL-SA-00016
Intel Keyboard Buffer Information Disclosure Vulnerability
Source: CCN
Type: SECTRACK ID: 1020738
Intel BIOS Discloses Boot Password to Local users
Source: MISC
Type: UNKNOWN
http://www.ivizsecurity.com/preboot-patch.html
Source: MISC
Type: UNKNOWN
http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
Source: CCN
Type: IVIZ-08-001
Microsoft Bitlocker Plain Text Password Disclosure
Source: CCN
Type: IVIZ-08-002
Hewlett-Packard BIOS Plain Text Password Disclosure
Source: CCN
Type: IVIZ-08-003
TrueCrypt Security Model bypass exploiting wrong BIOS API usage
Source: CCN
Type: IVIZ-08-004
Intel BIOS Plain Text Password Disclosure
Source: CCN
Type: IVIZ-08-005
Lenovo BIOS Plain Text Password Disclosure
Source: CCN
Type: IVIZ-08-006
DiskCryptor Security Model bypass exploiting wrong BIOS API usage
Source: CCN
Type: IVIZ-08-007
DriveCrypt Security Model bypass exploiting wrong BIOS API usage
Source: CCN
Type: IVIZ-08-008
LILO Security Model bypass exploiting wrong BIOS API usage
Source: CCN
Type: IVIZ-08-009
Grub Legacy Security Model bypass exploiting wrong BIOS API usage
Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#847537
Source: CCN
Type: OSVDB ID: 47856
Microsoft BitLocker BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47898
DriveCrypt Plus Pack BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47901
LILO BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47902
Grub Legacy BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47903
DiskCryptor on Windows BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47904
TrueCrypt BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47947
Linux Kernel Software Suspend BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47948
Intel Firmware Suspend BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 47949
IBM Lenovo BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 48437
HP Firmware BIOS Keyboard Buffer Local Password Disclosure
Source: CCN
Type: OSVDB ID: 60039
AWARD Bios Modular BIOS Keyboard Buffer Memory Cleartext Password Local Disclosure
Source: CCN
Type: OSVDB ID: 60040
Insyde BIOS Keyboard Buffer Memory Cleartext Password Local Disclosure
Source: MISC
Type: UNKNOWN
http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt
Source: BUGTRAQ
Type: UNKNOWN
20051213 Bios Information Leakage
Source: BID
Type: UNKNOWN
15751
Source: CCN
Type: BID-15751
Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness
Source: CCN
Type: BID-30818
Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
Source: XF
Type: UNKNOWN
multiple-bios-information-disclosure(24828)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:insyde:insyde_bios:v190:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/h:intel:bios:dq35jo:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:dq35mp:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:dp35dp:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:dg33fb:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:dg33bu:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:dg33tl:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:dx38bt:*:*:*:*:*:*:*
OR
cpe:/h:intel:bios:mgm965tw:*:*:*:*:*:*:*
OR
cpe:/a:microsoft:bitlocker:-:*:*:*:*:*:*:*
OR
cpe:/a:truecrypt_foundation:truecrypt:5.0:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.6.1:*:*:*:*:*:*:*
OR
cpe:/a:suspend2:software_suspend_2:2-2.2.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.6:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:0:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:10:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:11:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:12:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:13:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:14:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:15:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:16:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:17:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:18:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:19:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:20:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21-3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.4.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.4.3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.4.4:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.5:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.5.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.6:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.6.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.7:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.7.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.7.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.7.3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.7.4:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:21.7.5:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.0:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.0.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.0.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.3.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.3.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.3.3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.3.4:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.4:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.4.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.3.1:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.4:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.5:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.6:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.7:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.7.2:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.8:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:22.5.9:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:3:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:4:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:5:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:6:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:7:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:8:*:*:*:*:*:*:*
OR
cpe:/a:lilo:lilo:9:*:*:*:*:*:*:*
AND
cpe:/o:linux:linux_kernel:2.6.16:-:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
insyde
insyde bios v190
intel
bios dq35jo
intel
bios dq35mp
intel
bios dp35dp
intel
bios dg33fb
intel
bios dg33bu
intel
bios dg33tl
intel
bios dx38bt
intel
bios mgm965tw
microsoft
bitlocker -
truecrypt_foundation
truecrypt 5.0
lilo
lilo 22.6.1
suspend2
software suspend 2 2-2.2.1
lilo
lilo 22.6
lilo
lilo 0
lilo
lilo 1
lilo
lilo 10
lilo
lilo 11
lilo
lilo 12
lilo
lilo 13
lilo
lilo 14
lilo
lilo 15
lilo
lilo 16
lilo
lilo 17
lilo
lilo 18
lilo
lilo 19
lilo
lilo 2
lilo
lilo 20
lilo
lilo 21
lilo
lilo 21-3
lilo
lilo 21.4.2
lilo
lilo 21.4.3
lilo
lilo 21.4.4
lilo
lilo 21.5
lilo
lilo 21.5.1
lilo
lilo 21.6
lilo
lilo 21.6.1
lilo
lilo 21.7
lilo
lilo 21.7.1
lilo
lilo 21.7.2
lilo
lilo 21.7.3
lilo
lilo 21.7.4
lilo
lilo 21.7.5
lilo
lilo 22.0
lilo
lilo 22.0.1
lilo
lilo 22.0.2
lilo
lilo 22.1
lilo
lilo 22.2
lilo
lilo 22.3
lilo
lilo 22.3.1
lilo
lilo 22.3.2
lilo
lilo 22.3.3
lilo
lilo 22.3.4
lilo
lilo 22.4
lilo
lilo 22.4.1
lilo
lilo 22.5
lilo
lilo 22.5.1
lilo
lilo 22.5.2
lilo
lilo 22.5.3
lilo
lilo 22.5.3.1
lilo
lilo 22.5.4
lilo
lilo 22.5.5
lilo
lilo 22.5.6
lilo
lilo 22.5.7
lilo
lilo 22.5.7.2
lilo
lilo 22.5.8
lilo
lilo 22.5.9
lilo
lilo 3
lilo
lilo 4
lilo
lilo 5
lilo
lilo 6
lilo
lilo 7
lilo
lilo 8
lilo
lilo 9
linux
linux kernel 2.6.16
Denotes that component is vulnerable