Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability

[none () securityfocus com]

Trusted Digital, Trusted MObility Suite Authorization Bypass Vulnerability

Affected applications

Trusted Mobility Agent PC Policy

Versions:  All

Backgroud:

Trusted Mobility Suite detects, controls and centrally manages 
mobile devices. It also pushes security policy and disables lost 
or stolen devices. It offers robust protection of PDA devices with 
simple management tools to ensure that security is maintained.

Workstations have a client installed that disallows syncing if users
are not authorized to sync, along with several other features.

When a user attempts to sync for the first time, the PC Policy windows
opens.  The user is required to enter their Domain username and password.

Description:

When the PC Policy Window opens, the user can click on the cancel button,
open activesync or other syncing software, and sync handheld device.  
The PC Policy window will periodially come back up, user can continue to 
cancel and resync handheld device with no problem.

Solution:
The vendor has been contacted well over two months ago.  Was told a beta
was in testing but nothing has been released yet.