CVE-2005-4175

Published: Dec 11, 2005Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.

Affected (1)

Products: Insyde: Insyde Bios

Insyde

1 product

Insyde Bios

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Insyde Insyde Bios	Version v190

References (12)

http://www.ivizsecurity.com/preboot-patch.html

Source: cve@mitre.org

http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/847537

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.pulltheplug.org/users/endrazine/Bios.Information.Leakage.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/419610/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/15751

Source: cve@mitre.org

http://www.ivizsecurity.com/preboot-patch.html