CleanCache Fails to Wipe Files
|
|
SecurityTracker Alert ID: 1012701
|
|
SecurityTracker URL: http://securitytracker.com/id?1012701
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 25 2004
|
Impact: Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 2.19
|
Description: A vulnerability was reported in CleanCache. A local user can obtain files that have ostensibly been wiped from the computer.
WBG Links reported that a local user can invoke common data recovery tools to obtain files that should have been removed by CleanCache.
The vendor has been notified.
|
Impact: A local user can recover files that have ostensibly been deleted.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.buttuglysoftware.com/ (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: Windows (Any)
|
Reported By: WBG Links <wbglinks@gmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: 25 Dec 2004 16:34:47 -0000
From: WBG Links <wbglinks@gmail.com>
Subject: CleanCache v2.19: False Sense of Security
|
This is a similar (if not exact) problem that I found with the program Window Washer 5.x by Web Root:
http://www.securityfocus.com/archive/1/372717
Publisher: ButtUglySoftware
Program Description: CleanCache v.2.19 will clean up your Windows computer, such as IE cache, cookies
and temp directories to name
a few.
The program description also states:
"Secure file deletion using single, DoD and NSA wiping algorithms"
This statement is simply untrue and fails to properly delete any of the targeted data.
I was easily able to restore %100 of the "wiped" data, after running CleanCache. Files were
in fact deleted but using common freeware
recovery tools, the "wiped" data was recovered.
Conclusion: This program, in the area of security, does not perform as advertised.
Vendor was contacted, no reply as of yet.
WBG Links
www.wbglinks.net
|
|
