From Binken.Laurens@kpmg.nl Tue May 7 13:39:25 2002 From: "Binken, Rens" To: "'bugtraq@securityfocus.com'" Date: Tue, 7 May 2002 11:41:19 +0200 Subject: KPMG-2002018: Pointsec for PalmOS PIN disclosure [The following text is in the "iso-8859-1" character set] [Your display is set for the "US-ASCII" character set] [Some characters may be displayed incorrectly] -------------------------------------------------------------------- Title: Pointsec for PalmOS PIN disclosure BUG-ID: 2002018 Released: 03rd May 2002 Discovered by: Laurens Binken, KPMG IRM, the Netherlands -------------------------------------------------------------------- Problem: ======== Pointsec software for PalmOS stores it's authentication credentials in clear-text in memory. These credentials (the PIN code) can be retrieved in a few seconds once the Palm device is authenticated. Vulnerable: =========== - Pointsec for PalmOS V1.0 - Pointsec for PalmOS V1.1 Not vulnerable: =============== - Pointsec for PalmOS V1.2 Product Description: ==================== Quoted from the vendors web page: "Pointsec® for Palm OS combines sophisticated access control, data encryption, and a revolutionary user authentication process to protect everything - not just a few selected applications like most PDA security products. Pointsec´s mandatory access control complies with tough new security regulations and reduces liability for third party data by ensuring that only authorized users can access applications and data." Details: ======== The Pointsec software for PalmOS uses a PIN code to unlock the Palm device. This PIN code is stored in clear-text in the memory of the Palm device. The PIN code can be extracted by dumping the memory of the device once the user has authenticated. The extraction only takes a few seconds. The Pointsec software can be configured to time-out after a given period, forcing re-entry of the PIN code. However, this period is most likely longer than the time it takes for a malicious user to steal the Palm and extract the PIN thus giving him access to all the data on the Palm. Vendor URL: =========== You can visit the vendors web page here: http://www.pointsec.com Vendor response: ================ The vendor was contacted about the first issue on the 13th of February, 2002. We received a new version of Pointsec for PalmOS on 18th of May which corrected this specific issue. Corrective action: ================== Upgrade to Pointsec for PalmOS version 1.2, which is available from Pointsec (http://www.pointsec.com) Authors: Laurens Binken (binken.laurens@kpmg.nl) -------------------------------------------------------------------- KPMG is not responsible for the misuse of the information we provide through our security advisories. These advisories are a service to the professional security community. In no event shall KPMG be lia- ble for any consequences whatsoever arising out of or in connection with the use or spread of this information. -------------------------------------------------------------------- ********************************************************************** De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming kregen dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht en een verschonings- recht. Any information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its attachments) may be confidential in nature and fall under a duty of non-disclosure and the attorney-client privilege. **********************************************************************