Utimaco replies to SafeGuard Easy encryption key vulnerability
As reported on the Bugtraq list last Friday:
However, it seems that the encryption keys are hardcoded directly in the EXE file. So, they are easily recoverable and all these CFG files can be easily compromised.
This case concerns the encryption of the configuration files (.CFG) used when installing several workstations at the same time with centralised management tools. SafeGuard Easy is a product for encrypting hard drives.
The company’s response, entitled “Statement on SafeGuard Easy Articles regarding Configuration File Vulnerability”, is located here [2-page PDF]:
www.utimaco.fi/servlets/ActionDispatcher? action:ws3_content_get_binary=true&scope=domain&domain_id=www.utimaco.fi& page_id=/templates/ajankohtaisteksti.jsp? ws3_page_id=tiedoteartikkeli_103&form_id=&component_id=linkin_dokumentti_104
(a very interesting URL format…)
UPDATE: Due to the length, two spaces were added. TinyURL: http://tinyurl.com/vteca
This statement lists some workarounds and discusses the “chicken and egg” problem when delivering files to end clients. This PDF document is revision 2.0; the original version was released on 17th Oct.