• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Identix BioLogon Client Biometric Authentication Bypass Vulnerability

Identix BioLogon Client is a software utility which provides support for biometric security measures(fingerprint readers, smartcards, etc.) on Microsoft Windows systems. Part of its design is to help restrict unauthorized users from physically accessing the host.

BioLogin does not protect systems with multi-monitor support. The BioLogon Client will attempt to trigger biometric authentication measures when users attempt to unlock the screensaver and gain physical access to the host.
However, biometric security will not attempt to authenticate users who access the host from virtual desktops(ie: screens on other monitors).

It is reported that BioLogon Client on Windows 98 and ME with multi-monitor support enabled, are vulnerable to this issue.