--------------------------------------------------------------------

Title: Pointsec for PalmOS PIN disclosure

BUG-ID: 2002018
Released: 03rd May 2002
Discovered by: Laurens Binken, KPMG IRM, the Netherlands
--------------------------------------------------------------------

Problem:
========
Pointsec software for PalmOS stores it's authentication credentials
in clear-text in memory. These credentials (the PIN code) can be
retrieved in a few seconds once the Palm device is authenticated.

Vulnerable:
===========
- Pointsec for PalmOS V1.0
- Pointsec for PalmOS V1.1

Not vulnerable:
===============
- Pointsec for PalmOS V1.2

Product Description:
====================
Quoted from the vendors web page:

"Pointsec® for Palm OS combines sophisticated access control, data
 encryption, and a revolutionary user authentication process to
 protect everything - not just a few selected applications like most
 PDA security products. Pointsec´s mandatory access control complies
 with tough new security regulations and reduces liability for third
 party data by ensuring that only authorized users can access
 applications and data."

Details:
========
The Pointsec software for PalmOS uses a PIN code to unlock the
Palm device. This PIN code is stored in clear-text in the memory of
the Palm device.

The PIN code can be extracted by dumping the memory of the device
once the user has authenticated. The extraction only takes a few
seconds.

The Pointsec software can be configured to time-out after a given
period, forcing re-entry of the PIN code.
However, this period is most likely longer than the time it takes
for a malicious user to steal the Palm and extract the PIN thus
giving him access to all the data on the Palm.

Vendor URL:
===========
You can visit the vendors web page here: http://www.pointsec.com

Vendor response:
================
The vendor was contacted about the first issue on the 13th of
February, 2002. We received a new version of Pointsec for PalmOS
on 18th of May which corrected this specific issue.

Corrective action:
==================
Upgrade to Pointsec for PalmOS version 1.2, which is available
from Pointsec (http://www.pointsec.com)

Authors:
Laurens Binken (binken.laurenskpmg.nl)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide
through our security advisories. These advisories are a service to
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection
with the use or spread of this information.
--------------------------------------------------------------------

**********************************************************************
De informatie verzonden met dit e-mailbericht (en bijlagen)
is uitsluitend bestemd voor de geadresseerde(n) en zij die
van de geadresseerde(n) toestemming kregen dit bericht te
lezen. Gebruik door anderen dan geadresseerde(n) is
verboden. De informatie in dit e-mailbericht (en bijlagen)
kan vertrouwelijk van aard zijn en kan binnen het bereik
vallen van een geheimhoudingsplicht en een verschonings-
recht.

Any information transmitted by means of this e-mail (and any
of its attachments) is intended exclusively for the addressee
or addressees and for those authorized by the addressee
or addressees to read this message. Any use by a party
other than the addressee or addressees is prohibited.
The information contained in this e-mail (or any of its
attachments) may be confidential in nature and fall under a
duty of non-disclosure and the attorney-client privilege.
**********************************************************************

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]