CVE-2021-23878: Clear text storage of sensitive Information in ENS
First published: Wed Feb 10 2021(Updated: )
Clear text storage of sensitive Information in memory vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 February 2021 Update allows a local user to view ENS settings and credentials via accessing process memory after the ENS administrator has performed specific actions. To exploit this, the local user has to access the relevant memory location immediately after an ENS administrator has made a configuration change through the console on their machine
Credit: psirt@mcafee.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mcafee Endpoint Security | <10.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID is CVE-2021-23878.
Which software is affected by this vulnerability?
The vulnerability affects McAfee Endpoint Security (ENS) for Windows prior to version 10.7.0 February 2021 Update.
What is the severity of CVE-2021-23878?
The severity of this vulnerability is high.
How can a local user exploit this vulnerability?
A local user can exploit this vulnerability by accessing process memory after the ENS administrator has performed specific actions, allowing them to view ENS settings and credentials.
How do I fix CVE-2021-23878?
To fix this vulnerability, update McAfee Endpoint Security (ENS) to version 10.7.0 February 2021 Update or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/tags
- agent/first-publish-date
- agent/event
- agent/description
- vendor/mcafee
- canonical/mcafee endpoint security