Authentec UPEK Protector Suite Weak Password Storage

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote host has an authentication product installed that does not
store user credentials in a secure manner.

Description :

The remote host has, or has had Authentec UPEK Protector Suite
installed. Nessus was able to decrypt user credentials stored in an
insecure manner in the Windows registry by UPEK Protector Suite.

See also :

http://adamcaudill.com/2012/10/07/upek-windows-password-decryption/
https://github.com/brandonlw/upek-ps-pass-decrypt
http://www.nessus.org/u?a31f585e
http://www.nessus.org/u?63613739

Solution :

Apply the vendor's patch or uninstall UPEK Protector Suite along with
the stored user credentials.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 62627 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now