CVE-ID

CVE-2001-0261

• Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Date Entry Created
20010329 Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20010404)
Votes (Legacy)
ACCEPT(3) Baker, Bishop, Frech
NOOP(3) Christey, Cole, Ziese
REJECT(1) LeBlanc
REVIEWING(1) Wall
Comments (Legacy)
 Bishop> Sounds like Microsoft just confirmed it!
 Christey> The description should make the point that the original files
   are in plaintext.
 LeBlanc> The preconditions needed to obtain the clear-text backup file
   are that the user must be able to read the raw disk. Only administrators
   or those with physical access can read the raw disk. An admin could
   alter the operating system such that anything a user did would be
   available, even EFS information (since the admin can cause processes to
   run as any user who is logged on currently). Thus even if this issue
   were not present, the same set of preconditions would lead to access to
   the same information. In the case of physical access, scrubbing the disk
   should be viewed only as raising the bar - information can be recovered
   even from overwritten sectors. Additionally, coverage of a file might
   not be complete - in the case where a file is truncated, then encrypted,
   there could be sectors with file information that the operating system
   would have no knowledge of at the time the encryption occurred, and
   there is no practical way to wipe these. Considering all the realities
   of the situation, the only real-world solution is to create files you'd
   like encrypted in a directory marked for encryption.
 CHANGE> [Baker changed vote from REVIEWING to ACCEPT]

Proposed (Legacy)
20010404
This is an entry on the CVE list, which standardizes names for security problems.