Bypassing Mcafee Entreprise Password Protection

Date : 03/16/2007


Affected Product / OS
Product Name and Version: McAfee VirusScan Entreprise 8.5.0.i maybe older version too.

Tested on OS: Windows XP, 2003

Bug Type
Type: Bad Design

Bug Results
Bypass Password Protection

Bug Description
Mcafee virusscan Enterprise version allow you to lock the user interface using a password. A user write access windows registry.

The password is saved in UIP under the key HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection

Or it can be under

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion

If you remove the value of the UIP you will end up bypassing the password.

You can replace the value if you wish too with a known value, but why bother when you can remove the password.
I think this type of protection is not too secure.


Peace to you all