[NEWS] Intel BIOS Plain Text Password Disclosure



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Intel BIOS Plain Text Password Disclosure
------------------------------------------------------------------------


SUMMARY

Like most BIOSes, Intel's firmware PE94510M.86A.0050.2007.0710.1559
(07/10/2007) can be used to ask a password to users at boot time to
implement a pre-boot authentication.

The password checking routine of Intel's BIOS fails to sanitize the BIOS
keyboard buffer after reading user input, resulting in plain text password
leakage to local users.

DETAILS

Vulnerable Systems:
* Intel Corp PE94510M.86A.0050.2007.0710.1559 (07/10/2007) BIOS

The BIOS's pre-boot authentication routines use the BIOS API to read user
input via the keyboard. The BIOS internally copies the keystrokes in a RAM
structure called the BIOS Keyboard buffer inside the BIOS Data Area. This
buffer is not flushed after use, resulting in potential plain text
password leakage once the OS is fully booted, assuming the attacker can
read the password at physical memory location 0x40:0x1e.

Impact:
Plain text password disclosure. Local access is required, but no physical
access to the machine.

The level of privilege required to retrieve the password from memory is OS
dependent and varies from guest user under Microsoft Windows (any) to root
user under most Unix based OSes.


ADDITIONAL INFORMATION

The information has been provided by
<mailto:advisories@xxxxxxxxxxxxxxxxxxxxxxx> iViZ Security Advisories.
The original article can be found at:
<http://www.ivizsecurity.com/security-advisory-iviz-sr-0804.html>
http://www.ivizsecurity.com/security-advisory-iviz-sr-0804.html



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.