CVE-2014-2884
LOW
TrueCrypt 7.1a - Local Information Disclosure via IOCTL Calls
Title source: llm
Description
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_OPEN_TEST or (2) TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG IOCTL call.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://opencryptoaudit.org/reports/iSec_Final_Open_Crypto_Audit_Project_TrueCrypt_Security_Assessment.pdf
Issue Tracking, Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/04/17/7
Scores
CVSS v3
3.3
EPSS
0.0025
EPSS Percentile
16.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
CWE-284
Status
published
Products (1)
truecrypt_project/truecrypt
7.1 a
Published
Mar 19, 2018
Tracked Since
Feb 18, 2026