CVE-2020-7299

MEDIUM

McAfee True Key < 6.2.109.2 - Cleartext Storage of Sensitive Information in Memory

Title source: llm

Description

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

References (1)

Core 1

Core References

Various Sources x_refsource_confirm

https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25

Scores

CVSS v3 5.0

EPSS 0.0025

EPSS Percentile 48.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Details

CWE

CWE-522

Status published

Products (1)

mcafee/true_key < 6.2.109.2

Published Sep 04, 2020

Tracked Since Feb 18, 2026