CVE-2008-3902: Infoleak
First published: Wed Sep 03 2008(Updated: )
HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP 68DTT | =f.0d |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-3902?
CVE-2008-3902 is considered a medium severity vulnerability due to the potential exposure of sensitive pre-boot authentication passwords.
How do I fix CVE-2008-3902?
To address CVE-2008-3902, it is recommended to update the HP firmware to a version that clears the BIOS Keyboard buffer after use.
What systems are affected by CVE-2008-3902?
CVE-2008-3902 affects HP firmware version F.0D specifically on the HP 68DTT model.
What information can be obtained through CVE-2008-3902?
CVE-2008-3902 allows local users to read pre-boot authentication passwords stored in the BIOS Keyboard buffer.
Is CVE-2008-3902 a remote or local vulnerability?
CVE-2008-3902 is classified as a local vulnerability because it requires local access to the affected system to exploit.
- agent/softwarecombine
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/hp
- canonical/hp 68dtt
- version/hp 68dtt/f.0d