KPMG-2002018: Pointsec for PalmOS PIN disclosure

["Binken, Rens" <Binken.Laurens () kpmg nl>]

--------------------------------------------------------------------

Title: Pointsec for PalmOS PIN disclosure

BUG-ID: 2002018
Released: 03rd May 2002
Discovered by: Laurens Binken, KPMG IRM, the Netherlands
--------------------------------------------------------------------

Problem:
========
Pointsec software for PalmOS stores it's authentication credentials 
in clear-text in memory. These credentials (the PIN code) can be 
retrieved in a few seconds once the Palm device is authenticated.


Vulnerable:
===========
- Pointsec for PalmOS V1.0
- Pointsec for PalmOS V1.1


Not vulnerable:
===============
- Pointsec for PalmOS V1.2

Product Description:
====================
Quoted from the vendors web page:

"Pointsec® for Palm OS combines sophisticated access control, data 
 encryption, and a revolutionary user authentication process to 
 protect everything - not just a few selected applications like most 
 PDA security products. Pointsec´s mandatory access control complies 
 with tough new security regulations and reduces liability for third 
 party data by ensuring that only authorized users can access 
 applications and data."


Details:
========
The Pointsec software for PalmOS uses a PIN code to unlock the
Palm device. This PIN code is stored in clear-text in the memory of 
the Palm device. 

The PIN code can be extracted by dumping the memory of the device 
once the user has authenticated. The extraction only takes a few 
seconds.

The Pointsec software can be configured to time-out after a given 
period, forcing re-entry of the PIN code.
However, this period is most likely longer than the time it takes 
for a malicious user to steal the Palm and extract the PIN thus 
giving him access to all the data on the Palm.


Vendor URL:
===========
You can visit the vendors web page here: http://www.pointsec.com


Vendor response:
================
The vendor was contacted about the first issue on the 13th of
February, 2002. We received a new version of Pointsec for PalmOS 
on 18th of May which corrected this specific issue.


Corrective action:
==================
Upgrade to Pointsec for PalmOS version 1.2, which is available 
from Pointsec (http://www.pointsec.com)

Authors:
Laurens Binken (binken.laurens () kpmg nl)

--------------------------------------------------------------------
KPMG is not responsible for the misuse of the information we provide 
through our security advisories. These advisories are a service to 
the professional security community. In no event shall KPMG be lia-
ble for any consequences whatsoever arising out of or in connection 
with the use or spread of this information.
--------------------------------------------------------------------






**********************************************************************
De informatie verzonden met dit e-mailbericht (en bijlagen)
is uitsluitend bestemd voor de geadresseerde(n) en zij die
van de geadresseerde(n) toestemming kregen dit bericht te
lezen. Gebruik door anderen dan geadresseerde(n) is
verboden. De informatie in dit e-mailbericht (en bijlagen)
kan vertrouwelijk van aard zijn en kan binnen het bereik
vallen van een geheimhoudingsplicht en een verschonings-
recht.

Any information transmitted by means of this e-mail (and any
of its attachments) is intended exclusively for the addressee
or addressees and for those authorized by the addressee
or addressees to read this message. Any use by a party
other than the addressee or addressees is prohibited.
The information contained in this e-mail (or any of its 
attachments) may be confidential in nature and fall under a
duty of non-disclosure and the attorney-client privilege.
**********************************************************************