Specifically, the “Mobile Guardian Shield” product. Here is the vulnerability note on US-CERT.

CREDANT Mobile Guardian (CMG) Shield is a component of Mobile Guardian Enterprise Edition. CMG Shield provides policy-based encryption of specified files. CMG Shield fails to properly clear credentials out of system memory. The default configuration for CMG Shield does not encrypt the Windows pagefile, which means that the credentials may be written to disk. Please see the CREDANT vendor statement below in this vulnerability note for more details.

This is unfortunate for Credant. There is a patch available for Credant customers.

Article Link

[tags]Credant Vulnerability, Encryption Failure, Memory Artifacts[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.