-
Título
Is Authentication Services affected by Spectre vulnerability (CVE-2017-5753 & CVE-2017-5754) or Meltdown (CVE-2017-5715)? -
Descrição
Is Authentication Services affected by the Spectre vulnerability (CVE-2017-5753 & CVE-2017-5754) or Meltdown (CVE-2017-5715)? -
Resolução
Meltdown and Spectre are two major flaws in computer chips that could allow attackers to read sensitive data from most computing devices. Like all applications running on an affected processor, Authentication Services can be attacked by Meltdown and Spectre. However, Authentication Services uses secure programming practices to minimize the potential exposure of privileged user information to an attacker. For example, sensitive information, most importantly a user's password, is never stored in memory in plain text. Also, the memory that contained the plain text in transit is overwritten with null bytes prior to being released back to the operating system.
Meltdown and Spectre are attacks against the hardware architecture, so there is no way for Authentication Services to prevent these exploits from occurring. As a result, there are no patches for Authentication Services. It is recommended that you follow the operating system or hardware vendor's recommendations for patching to address these flaws. For more information please contact your system or hardware vendor.
-
Informações adicionais
CVE-2017-5753: bounds check bypass CVE-2017-5715: branch target injection CVE-2017-5754: rogue data cache load