[15048] in bugtraq
Aladdin Software Security SecretDisk console blocking failure
daemon@ATHENA.MIT.EDU (Vitaly Fedrushkov)
Thu May 25 14:31:51 2000
Message-Id: <20000525132312.7461.qmail@securityfocus.com>
Date: Thu, 25 May 2000 13:23:12 -0000
Reply-To: Vitaly Fedrushkov <willy@LUKOIL.UU.RU>
From: Vitaly Fedrushkov <willy@LUKOIL.UU.RU>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
Good $daytime,
SecretDisk, made by Aladdin Software Security R.D.,
(http://www.aladdin.ru/) provides cryptographic file
system for Win9x boxes.
It supports usage of parallel port keys, smartcards,
PCMCIA cards, or recently mentioned USB eTokens,
in combination with password protection.
Among others, this software offers workstation locking
feature: once a key is physically removed, screen saver
is activated, blocking mouse/keyboard access to
applications until key is inserted back.
However, on a dual monitor workstation, screen saver
takes over only the first display, allowing mouse/keyboard
access to application windows on a second one.
IMHO neither real hole nor backdoor, just a silly overlook.
Tested on eToken version.
Regards,
Willy.
