This update resolves an issue discovered while running password-protected commands in McAfee Application Control / Change Control 5.1.x / 6.0.0. A hotfix is available to mitigate the issue where the user is not prompted for the password while running password-protected commands.
This flaw is encountered if the user sets certain attributes of the client password file to prevent sadmin command execution. Doing so overrides the prevention mechanism, and the user is not prompted for the password while running any of the password-protected commands. Specifically, this flaw is encountered if the <install dir>\solidcore\passwd file has its attribute set to read-only.
This flaw requires access to the local computer to set the attribute of the passwd file to read-only. It is therefore considered a local-only attack, although if remote drive access is enabled, the files can be accessed remotely.
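To audit an endpoint for the condition described above, the following PowerShell function reports whether the passwd file is read-only and which identities are allowed to change its attributes. It is an added example, not code from the vendor or the hotfix. The function name and the `-InstallDir` parameter are assumptions, and it reports file state only, not whether the hotfix is installed.

```powershell
# Added example (not vendor code): report the state of <install dir>\solidcore\passwd.
function Get-SolidcorePasswdState {
    [CmdletBinding()]
    param(
        # Assumption: the caller supplies the product's install directory.
        [Parameter(Mandatory)]
        [string]$InstallDir
    )

    $path = Join-Path -Path $InstallDir -ChildPath 'solidcore\passwd'

    # A missing file is reported, not treated as an error.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        return [pscustomobject]@{
            Path = $path; Present = $false; ReadOnly = $null
            LastWriteTimeUtc = $null; CanWriteAttributes = @()
        }
    }

    $file = Get-Item -LiteralPath $path -Force

    # Identities with an explicit Allow ACE that includes WriteAttributes,
    # the right needed to toggle the read-only flag. ACEs expressed only as
    # generic rights are not expanded here.
    $wa = [System.Security.AccessControl.FileSystemRights]::WriteAttributes
    $writers = @((Get-Acl -LiteralPath $path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band $wa) -eq $wa)
        } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique)

    [pscustomobject]@{
        Path               = $path
        Present            = $true
        ReadOnly           = $file.IsReadOnly   # $true matches the advisory's trigger condition
        LastWriteTimeUtc   = $file.LastWriteTimeUtc
        CanWriteAttributes = $writers
    }
}

# Usage (the path is a placeholder, not a documented default):
# Get-SolidcorePasswdState -InstallDir 'D:\placeholder-install-dir'
```

A result with `ReadOnly` set to `$true` on an unpatched 5.1.x / 6.0.0 client indicates the condition the advisory describes and should be investigated.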