Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability
Trusted Digital, Trusted MObility Suite Authorization Bypass Vulnerability
Affected applications
Trusted Mobility Agent PC Policy
Versions: All
Backgroud:
Trusted Mobility Suite detects, controls and centrally manages
mobile devices. It also pushes security policy and disables lost
or stolen devices. It offers robust protection of PDA devices with
simple management tools to ensure that security is maintained.
Workstations have a client installed that disallows syncing if users
are not authorized to sync, along with several other features.
When a user attempts to sync for the first time, the PC Policy windows
opens. The user is required to enter their Domain username and password.
Description:
When the PC Policy Window opens, the user can click on the cancel button,
open activesync or other syncing software, and sync handheld device.
The PC Policy window will periodially come back up, user can continue to
cancel and resync handheld device with no problem.
Solution:
The vendor has been contacted well over two months ago. Was told a beta
was in testing but nothing has been released yet.