Bypassing Mcafee Entreprise Password Protection



Date : 03/16/2007

URL: http://homepage.mac.com/adonismac/Advisory/bypass_mcafee_entreprise_password.html


Affected Product / OS
=====================
Product Name and Version: McAfee VirusScan Entreprise 8.5.0.i maybe older version too.

Tested on OS: Windows XP, 2003

Bug Type
========
Type: Bad Design

Bug Results
===========
Bypass Password Protection

Bug Description
===============
Mcafee virusscan Enterprise version allow you to lock the user interface using a password. A user write access windows registry.

The password is saved in UIP under the key HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\DesktopProtection

Or it can be under

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan Entreprise\CurrentVersion


If you remove the value of the UIP you will end up bypassing the password.


You can replace the value if you wish too with a known value, but why bother when you can remove the password.
I think this type of protection is not too secure.


Proof-Of-Concept
================
http://homepage.mac.com/adonismac/Advisory/crack_mcafee_password_protection.html


Peace to you all



Relevant Pages

  • Re: Unable to open embedded object in word document
    ... Plugin that comes with it (but do not disable Norton AutoProtect). ... Your error message would seem to indicate the needed program is there, ... but Windows cannot find space to run it in. ... and you probably don't know the parallel in McAfee VirusScan ...
    (microsoft.public.word.application.errors)
  • W2000 file security permissions override by VirusScan
    ... Does anyone know how to configure Windows 2000 so ... Security has been specified, the two groups being the Administrators group ... Security settings dialog box): ... Windows 2000 it appears that McAfee VirusScan 4.5.1-SP1 is able to override ...
    (microsoft.public.win2000.security)
  • Port 110 and earthlink
    ... I recieve a brand new PC with Windows XP SP2 installed and McAfee Virusscan ... I configured my earthlink account but my PC is ... smtpauth.earthlink.net on port 587.... ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • RE: update McAfee VirusScan 7 / 8 with normal User rights?
    ... Uwe, ... 285909 How to Troubleshoot Program Compatibility Issues in Windows XP ... | System with XP Home and McAfee VirusScan 8 - same result. ...
    (microsoft.public.security.virus)