Authentec UPEK Protector Suite Weak Password Storage

Nessus Plugin ID 62627 (severity: low)

Synopsis

The remote host has an authentication product installed that does not store user credentials in a secure manner.

Description

The remote host has, or has had, Authentec UPEK Protector Suite installed. Nessus was able to decrypt user credentials that UPEK Protector Suite stored insecurely in the Windows registry.

Solution

Apply the vendor's patch, or uninstall UPEK Protector Suite and remove the stored user credentials.

See Also

https://adamcaudill.com/2012/10/07/upek-windows-password-decryption/

https://github.com/brandonlw/upek-ps-pass-decrypt

http://www.nessus.org/u?a31f585e

http://www.nessus.org/u?d67c4cff

Plugin Details

Severity: Low

ID: 62627

File Name: authentec_upek_password_decryption.nasl

Version: 1.7

Type: remote

Agent: windows

Family: Windows

Published: 10/18/2012

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: x-cpe:/a:authentec:protector_suite

Required KB Items: SMB/Registry/Enumerated

Exploited by Nessus: true

Patch Publication Date: 9/14/2012

Vulnerability Publication Date: 8/28/2012