Multiple PGP Products with Windows EFS Plaintext File Disclosure Vulnerability

Several PGP products for Windows systems include a Wipe Deleted Files feature. This is designed to intercept file deletions and perform a disk wipe on the relevant data.

An issue has been reported when this feature is used in conjunction with the Encrypted File System (EFS) shipped with Windows 2000. As a result of this issue, plaintext copies of all encrypted files may be left on the local drive. These files may be viewed by any local user with administrative access.

This issue has been reported with PGP Corporate Desktop Version 7.1.x, PGP Desktop Security Version 7.0.x, and PGPfreeware Version 7.0.3 for Windows 2000. It has been reported that this issue also exists when the encrypted folder attribute is used with NTFS under Windows XP.


 

Privacy Statement
Copyright 2010, SecurityFocus