CVE-2020-7299

MEDIUM

Mcafee True Key < 6.2.109.2 - Insufficiently Protected Credentials

Title source: rule

Description

Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access to another user’s passwords on the same machine via triggering a process dump in specific situations.

References (1)

[Various Sources] https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fcp&articleId=TS103066&_afrLoop=1258314779734827&leftWidth=0%25&showFooter=false&showHeader=false&rightWidth=0%25&centerWidth=100%25

Scores

CVSS v3 5.0

EPSS 0.0018

EPSS Percentile 39.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N

Classification

CWE

CWE-522

Status published

Affected Products (1)

mcafee/true_key < 6.2.109.2

Timeline

Published Sep 04, 2020

Tracked Since Feb 18, 2026