Vulnerabilities > CVE-2005-4176
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Exploit-Db
description Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness (1). CVE-2005-4176 . Local exploit for windows platform id EDB-ID:26752 last seen 2016-02-03 modified 2005-12-06 published 2005-12-06 reporter Endrazine source https://www.exploit-db.com/download/26752/ title Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness 1 description Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness (2). CVE-2005-4176 . Local exploit for unix platform id EDB-ID:26753 last seen 2016-02-03 modified 2005-12-06 published 2005-12-06 reporter Endrazine source https://www.exploit-db.com/download/26753/ title Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness 2
References
- http://www.ivizsecurity.com/preboot-patch.html
- http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf
- http://www.kb.cert.org/vuls/id/847537
- http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt
- http://www.securityfocus.com/archive/1/419610/100/0/threaded
- http://www.securityfocus.com/bid/15751