Security Bulletin 18A10338 (CVE-2018-19279) 11/9/2018
When ZoneCentral for Windows prior to version 6.1.2236 is used to encrypt local folders on a NTFS file system, some very small files (with a size below approximately 600 bytes) can briefly appear in clear text on the disk. These files are overwritten with their encrypted version after a short delay (less than 5 seconds).
On SSD disks, persistent portions in clear text may remain longer, depending on the disk firmware.
This problem does not apply to network shares or any other file systems than NTFS.
CVSS SCORE: BASE 2.1
- Attack Vector (AV): Physical (P)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): None (N)
- Availability (A): None (N)
AFFECTED PRODUCTS AND VERSIONS
- ZoneCentral for Windows version prior to 6.1.2236
SOLUTIONS AND RECOMMENDATIONS
Upgrade to ZoneCentral for Windows version 6.1.2236 and above.