CVE-2018-19279

Vulnerability

PRIMX ZoneCentral for Windows prior to version 6.1.2236 leaks the plaintext of NTFS files when encrypting local folders. The issue is limited to files smaller than approximately 600 bytes and only occurs on NTFS file systems; network shares and other file systems are not affected. The plaintext briefly appears on disk before being overwritten with the encrypted version after a delay of less than 5 seconds on non-SSD devices. On SSD devices, plaintext may persist longer due to disk firmware behavior [1].

Exploitation

An attacker with physical or low-privileged local access to the system can exploit this vulnerability. No user interaction is required. The attacker must monitor the disk during the short window (up to 5 seconds on HDD) after a small file is written to an encrypted folder. On SSDs, the plaintext may remain accessible for an extended period. The attack vector is physical (AV:P) with low complexity [1].

Impact

Successful exploitation results in a low confidentiality impact: the attacker can recover the plaintext of small files (up to 600 bytes) that were intended to be encrypted. There is no integrity or availability impact. The scope remains unchanged [1].

Mitigation

Upgrade to ZoneCentral for Windows version 6.1.2236 or above, which fixes the issue [1]. No workaround is available for unpatched versions.