Title: Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability
Severity: LOW
Description:
Folder Lock is an application used to password-protect files and folders.
The application is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. Specifically, access credentials are stored within the Windows registry key 'HKEY_CURRENT_USER\Software\Microsoft\Windows\QualityControl'. Credentials are encrypted with an easy-to-determine rotation encryption scheme (ROT25).
A local attacker can exploit this issue to obtain passwords used by the application, which may aid in further attacks.
Folder Lock 5.9.5 is vulnerable; other versions may also be affected.
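Added illustration, not part of the original advisory or the vendor's code: it shows why a fixed letter rotation gives no confidentiality to a stored credential, next to a salted PBKDF2 verifier as one common way to store a password check value instead. The a-z/A-Z rotation alphabet, the sample password and all function names are assumptions; the advisory does not describe the scheme beyond "ROT25".

```python
import hashlib
import hmac
import os
import string


def rotate(text: str, shift: int) -> str:
    """Rotate ASCII letters by `shift`; other characters pass through.
    Assumption: the alphabet is a-z/A-Z (the advisory does not say)."""
    out = []
    for ch in text:
        if ch in string.ascii_letters:
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def rotation_is_keyless(password: str, shift: int = 25) -> bool:
    """A rotation has no secret: the complementary shift restores the input."""
    return rotate(rotate(password, shift), 26 - shift) == password


def make_verifier(password: str, iterations: int = 600_000) -> dict:
    """Hardened form: keep a salted, slow, one-way check value, not the password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}


def check_password(candidate: str, verifier: dict) -> bool:
    """Recompute the digest for the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), verifier["salt"], verifier["iterations"]
    )
    return hmac.compare_digest(digest, verifier["digest"])


if __name__ == "__main__":
    sample = "Example-Pass1"  # constructed sample value
    print("rotated form:", rotate(sample, 25))
    print("restored without any key:", rotation_is_keyless(sample))
    v = make_verifier(sample)
    print("verifier accepts correct password:", check_password(sample, v))
    print("verifier rejects wrong password:", check_password("other", v))
```

With the verifier approach, the stored value can confirm a password but cannot be turned back into it, so reading the stored value does not directly reveal the credential.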
Affected Products:
- NewSoftwares.net Folder Lock 5.9.5
References:
- NewSoftwares.net: Folder Lock Homepage
