Utimaco Safeguard Encryption Key Information Disclosure Vulnerability

Utimaco Safeguard Encryption Key Information Disclosure Vulnerability

Utimaco Safeguard Easy is prone to a local information-disclosure vulnerability because it fails to protect sensitive information from unprivileged users.

A local attacker may exploit this issue to obtain encryption keys used by the application. The attacker may then user this information to retrieve further information or to launch other attacks.

UPDATE: The vendor has released information refuting this vulnerability. Please see the referenced advisory for details.