Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
CVE-2020-7299

5MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee True Key Windows Client
Vendor: CVE Published:; 4 September 2020

What is CVE-2020-7299?

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

Affected Version(s)

McAfee True Key Windows client 6.x < 6.2.110.8

References

https://service.mcafee.com/webcenter/portal/oracle/webcen...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 4, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

McAfee credits nestedif for responsibly reporting this flaw.

Mcafee,llc

What is CVE-2020-7299?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit