Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TrueCrypt、VeraCrypt和CipherShed 权限许可和访问控制问题漏洞
Vulnerability Description
TrueCrypt、VeraCrypt和CipherShed for Windows都是基于Windows平台的免费、开源的磁盘加密软件。 TrueCrypt 7.0版本、VeraCrypt 1.15之前的版本和CipherShed中的Ntdriver.c文件的IsVolumeAccessibleByCurrentUser和MountDevice方法存在安全漏洞。本地攻击者可利用该漏洞获取提升的权限。
CVSS Information
N/A
Vulnerability Type
N/A