Sensitive Data Exposure vulnerability in McAfee True Key Windows Client
CVE-2020-7299

5MEDIUM

Key Information:

Vendor: Mcafee,llc
Status: Mcafee True Key Windows Client
Vendor: CVE Published:; 4 September 2020

Summary

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

Affected Version(s)

McAfee True Key Windows client 6.x < 6.2.110.8

References

https://service.mcafee.com/webcenter/portal/oracle/webcen...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 4, 2020
Vulnerability Reserved
Jan 21, 2020

Credit

McAfee credits nestedif for responsibly reporting this flaw.