Utimaco Safeguard Easy vulnerability
At the moment our company is looking for software to encrypt the whole disk
drives on laptops.
I see that many companies and government institutions use Utimaco Safeguard
First, we looked at this software as well.
However, it seems that the tool that is supposed to make laptops more secure
has some serious problems related to password and key distribution.
For deployment in big companies, Utimaco recommends implementing centralized
The management is done via CFG-files that are pushed via SMS, Active Directory
These CFG files contain encryption keys for hard disks and floppies, as well as
user passwords and backup passwords for recovery.
The content of the file is supposedly "encrypted" as Utimaco's manual says.
However, it seems that the encryption keys are hardcoded directly in the EXE
file. So, they are easily recoverable and all these CFG files can be easily
I am just wondering whether it has been discussed here and someone else has
seen this problem before?
I know that many government and bank institutions use this product. Am I the
only person to see this security hole?