// For flags

CVE-2020-7299

Sensitive Data Exposure vulnerability in McAfee True Key Windows Client

Severity Score

4.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

Una vulnerabilidad de Almacenamiento de Información Confidencial en la Memoria en Texto Sin Cifrar en el cliente de Microsoft Windows en McAfee True Key (TK) anterior a versión 6.2.109.2, permite a un usuario local iniciar sesión con privilegios administrativos para acceder a contraseñas de otro usuario en la misma máquina mediante la activación de un volcado de proceso en situaciones específicas

*Credits: McAfee credits nestedif for responsibly reporting this flaw.
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-01-21 CVE Reserved
  • 2020-09-04 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-522: Insufficiently Protected Credentials
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mcafee
Search vendor "Mcafee"
 True Key
Search vendor "Mcafee" for product "True Key"
 < 6.2.109.2
Search vendor "Mcafee" for product "True Key" and version " < 6.2.109.2"
windows
Affected