Lenovo Hui Security (5.x) password Leakage

Lenovo huiyundun (Lenovo hard disk Protection System) 5.x is a product jointly launched by Beijing haiguang company, which is common in the school's data center. Due to product design defects, any user can read the administrator password when the hard disk protection system is enabled. Lenovo future security stores a series of configuration information including passwords in 0-cylinder, 0-head, and 3-sector. This sector can also be read by any user with administrator permissions (directly read \. \ PhysicalDrive0) when the hard disk protection system is enabled (in protection mode) without any protection. Only Reversible Changes were made to the storage administrator password of Lenovo security. As a result, any user with administrator permissions can read the configuration information including the administrator password. In this case, the system configures the first several bytes of the slice (0 cylinder 0 head 3 slice) ?? ?? 4b 2d 31 30, which can be used as features for identification. Solution: 1. modify the driver in windows. At least do not allow reading the configured sector in protection mode. 2. change the password storage mode. Do not use reversible transformations. for the IDC administrator, you can set a password for the Administrator account to temporarily solve this problem.