CVE-2008-3893

MEDIUM

Microsoft Bitlocker <Windows Vista SP1 - Info Disclosure

Title source: llm

Description

Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer during boot, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.

References (2)

[Vendor Advisory] http://secunia.com/advisories/31619

[Various Sources] http://www.ivizsecurity.com/security-advisory-iviz-sr-0801.html

Scores

CVSS v3 5.5

EPSS 0.0082

EPSS Percentile 74.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (2)

microsoft/windows_vista

Timeline

Published Sep 03, 2008

Tracked Since Feb 18, 2026