-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2014.0124
      McAfee Security Bulletin - File and Removable Media Protection
         (FRP/EEFF/EERM) update addresses a brute-force attack on
                            weak user passwords
                              3 November 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              McAfee Endpoint Encryption for Files and Folders (EEFF)
                      McAfee Files and Removable Media Protection (FRP)
Operating System:     Windows
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
                      Unauthorised Access    -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Wednesday, December  3 2014

OVERVIEW

        McAfee has discovered a vulnerability in the Password-Based Key 
        Derivation Function 2 (PBKDF2) used in its Endpoint Encryption for 
        Files and Folders (EEFF) and File and Removable Media Protection 
        (FRP) software products. The weakness affects versions 3.2.x. 4.0.x,
        4.1.x and 4.2.x of EEFF and version 4.3.0.x of FRP. [1]


IMPACT

        McAfee has provided the following details regarding the 
        vulnerability:
        
        Insufficient Entropy (CWE-331) in the passsword-based key derivation function
        may allow an attacker to guess user passwords by leveraging patterns
        and clusters of values that are more likely to occur.[2]
        
        If the password is used to encrypt data, the attacker will be able 
        to access that data in clear text. If the password is used for 
        Authentication and/or Authorisation, the attacker will be able to
        gain unauthorized access to systems. [1]


MITIGATION

        McAfee recommends affected users apply the appropriate hotfix for 
        their product version, which uses a strong implementation of 
        Password-Based Key Derivation Function 2 (PBKDF2). [1][3]


REFERENCES

        [1] McAfee Security Bulletin - File and Removable Media Protection
            (FRP/EEFF/EERM) update addresses a brute-force attack on weak user
            passwords
            https://kc.mcafee.com/corporate/index?page=content&id=SB10089

        [2] CWE-331: Insufficient Entropy
            http://cwe.mitre.org/data/definitions/331.html

        [3] PBKDF2
            http://en.wikipedia.org/wiki/PBKDF2

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVFcjCBLndAQH1ShLAQIQXg/9FsoMNG2Av9rVutbLNju/lI17VZL7LVnX
anu3eqOg2B4/V79yqrotfJ/4VcszkKt5Oer8Rps+Zzl5yXNiu/mvLfUNjZC67eXp
R9vxZPnJ07INn1rM3kmM7yENlIp+03CqupoAtODoGz2aygV4ELIbdpw1kxenb2g8
lSuvlGr6b72Bl26qJyqroqUFC7f6rhidA6lb1JnJeKB+f1jOgyoFLiTI6h6iufdz
ihPn9fhjEDKcqcbGNQka5El4ZVWiK+FCEI4+IK4BAHOxXl/6V8tVu8VciF8lkSTd
vv+iOpP6MXLq5T+/C35xFOD0GW6ArXvHYJXhxbrUgrIgcY411836ZR7eIcANQeD+
vha1LfEh+D0hHUalOf8US9RrRDglKrJsnLdQWOJ9FgFa0H4BNwx4BVkY+M6Y2Xu7
8nC3UhGKZHO9ydKeu3Ex8UxBXCMbNwMBr4tW6fPdo88w/HUaCLe6Cf7ZV0QMdhcX
seDD58i7ilBuQj8K5jNhvKIcOA+ZO2/9J/+lHNuI2JOSUHNoObFgS3RMic4TuEti
AnBrilqiNt9q5EI/BOmvi0CSvO0/2H4XFlOhxiukH9PRWxmavy1z2pUFm1zG7Ifl
UCQxVvfPA0y0NXVLRHy7DCz1FMgX+0Yk/xSOyklYs2ZLwCPCZPvHWNG9jjXqO3zG
TpIplEXwHOY=
=zUf+
-----END PGP SIGNATURE-----