===========================================================================
                   AUSCERT Security Bulletin ASB-2014.0124
     McAfee Security Bulletin - File and Removable Media Protection
 (FRP/EEFF/EERM) update addresses a brute-force attack on weak user passwords
                              3 November 2014
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Endpoint Encryption for Files and Folders (EEFF)
                      McAfee Files and Removable Media Protection (FRP)
Operating System:     Windows
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
                      Unauthorised Access    -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Wednesday, December 3 2014

OVERVIEW

        McAfee has discovered a vulnerability in the Password-Based Key
        Derivation Function 2 (PBKDF2) used in its Endpoint Encryption for
        Files and Folders (EEFF) and File and Removable Media Protection
        (FRP) software products. The weakness affects versions 3.2.x, 4.0.x,
        4.1.x and 4.2.x of EEFF and version 4.3.0.x of FRP. [1]

IMPACT

        McAfee has provided the following details regarding the
        vulnerability:

        Insufficient Entropy (CWE-331) in the password-based key derivation
        function may allow an attacker to guess user passwords by leveraging
        patterns and clusters of values that are more likely to occur. [2]
        If the password is used to encrypt data, the attacker will be able
        to access that data in clear text. If the password is used for
        Authentication and/or Authorisation, the attacker will be able to
        gain unauthorized access to systems. [1]

MITIGATION

        McAfee recommends affected users apply the appropriate hotfix for
        their product version, which uses a strong implementation of
        Password-Based Key Derivation Function 2 (PBKDF2). [1][3]

REFERENCES

        [1] McAfee Security Bulletin - File and Removable Media Protection
            (FRP/EEFF/EERM) update addresses a brute-force attack on weak
            user passwords
            https://kc.mcafee.com/corporate/index?page=content&id=SB10089

        [2] CWE-331: Insufficient Entropy
            http://cwe.mitre.org/data/definitions/331.html

        [3] PBKDF2
            http://en.wikipedia.org/wiki/PBKDF2

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
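As an added example (not code from McAfee, AusCERT or the affected products, and the bulletin does not describe what was wrong inside the weak implementation), the following Python shows the two checks a defender would run on a PBKDF2 deployment after reading this advisory: reproduce the published RFC 6070 test vectors with the implementation in use, and audit the salt and iteration parameters it is called with. The thresholds and the sample weak parameters in the test are constructed assumptions.

```python
import hashlib
import hmac
import os

# PBKDF2-HMAC-SHA1 test vectors published in RFC 6070:
# (password, salt, iterations, derived-key length, expected hex).
RFC6070_VECTORS = [
    (b"password", b"salt", 1, 20, "0c60c80f961f0e71f3a9b524af6012062fe037a6"),
    (b"password", b"salt", 2, 20, "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957"),
    (b"password", b"salt", 4096, 20, "4b007901b765489abead49d926f721d065a429c1"),
]


def pbkdf2(password, salt, iterations, dk_len, digest="sha1"):
    """Derive a key with PBKDF2-HMAC using the standard-library implementation."""
    return hashlib.pbkdf2_hmac(digest, password, salt, iterations, dk_len)


def kdf_matches_rfc6070(kdf=pbkdf2):
    """Return True only if `kdf` reproduces every RFC 6070 vector.

    Point this at any PBKDF2 implementation you ship or depend on; a KDF that
    fails here is not PBKDF2, whatever its name says."""
    return all(kdf(p, s, c, n).hex() == exp for p, s, c, n, exp in RFC6070_VECTORS)


def audit_kdf_params(salt, iterations, min_salt_bytes=16, min_iterations=100_000):
    """Flag parameter choices that weaken PBKDF2 even when the code is correct.

    The thresholds are constructed defaults for this example, not values
    taken from the bulletin or from any McAfee documentation."""
    findings = []
    if len(salt) < min_salt_bytes:
        findings.append(f"salt too short: {len(salt)} bytes")
    if len(set(salt)) <= 1:
        findings.append("salt is constant or all-zero")
    if iterations < min_iterations:
        findings.append(f"iteration count too low: {iterations}")
    return findings


def protect_password(password, iterations=600_000):
    """Store a fresh random per-user salt alongside the derived key (SHA-256 variant)."""
    salt = os.urandom(16)
    return salt, iterations, pbkdf2(password, salt, iterations, 32, "sha256")


def verify_password(password, salt, iterations, stored_key):
    """Re-derive and compare in constant time so the check leaks no timing signal."""
    candidate = pbkdf2(password, salt, iterations, len(stored_key), "sha256")
    return hmac.compare_digest(candidate, stored_key)
```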
===========================================================================