Information disclosure in TrueCrypt - CVE-2014-2884

 


Published: March 19, 2018 / Updated: August 8, 2020


Vulnerability identifier: #VU37387
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2014-2884
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: www.truecrypt.org
Affected software: truecrypt

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.


How to mitigate CVE-2014-2884

Install the update from the vendor's website.

Sources