Cryptware has released security updates for its CryptoPro Secure Disk tool that works with BitLocker. The developers have responded to discovered security issues with the program.
Cryptware Secure Disk for BitLocker Fixes Security Bugs
CryptWare has released a security patch that addresses the serious vulnerabilities discovered by security researchers. The flaws affect the company's CryptoPro Secure Disk for BitLocker tool, which is used to enhance the functionality of the disk encryption software available for Windows. CryptoDisk provides additional features such as PreBoot Authentication (PBA) and supports UID/password and smartcard/PIN authentication.
The security advisory that reveals the issues was published on Wednesday by the security consulting company SEC Consult. According to their report, the application is affected by two bugs that can be exploited if malicious users can physically access the target machine. In the first, an attacker can exploit the software in a way that can lead to a remote root shell. CryptoPro is not able to properly block terminal access, and the researchers have demonstrated how an attacker may launch a shell and execute commands with privileged access.
The second vulnerability is caused by inadequate verification checks. The issues allow attackers to modify system files and bypass the security processes. The vulnerability can be used to gain backdoor access to the target system and also steal sensitive data, including domain credentials, 802.1x authentication, and BitLocker information.
The security patches are delivered with version 5.2.1 of the software. The company stated that its tests indicate that the described issues did not allow attackers to access the encrypted data on the Windows machines. According to the company, the only security implication of the bugs is exposure of the IP address.