Speech Viewer text cached on lock screen

Summary

Speech viewer remains open when Windows is locked.
Speech viewer may contain a cache of secure information from the previous user session.
That cache remains accessible when Windows is locked.
This may lead to the loss of confidential information.

This issue requires speech viewer to be open when Windows is locked, and left open.
When locking your computer it is visually obvious that speech viewer is still open, but it may not be clear to blind users.
This issue also requires the Windows lock screen to be enabled.

Patch commit(s)

d5510dc

Limitations

A user must leave Windows locked with speech viewer still open.

Technical details

None

Proof of concept

Enable speech viewer
Read any private information, e.g. e-mail, bank account, etc.
Lock Windows (Windows+L)
alt+tab to speech viewer

Indicators of compromise

Speech viewer left open when Windows is locked and left unattended

Workarounds

Close speech viewer when locking Windows.

Timeline

Disclosed Early October 2022
Released in 2022.3.1 on October 17 2022

For more information

If you have any questions or comments about this advisory:

Email us at [email protected]

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Speech Viewer text cached on lock screen

Software

Affected versions

Patched versions

Description

Summary

Patch commit(s)

Limitations

Technical details

Proof of concept

Indicators of compromise

Workarounds

Timeline

For more information

Severity

CVSS base metrics

CVE ID

Weaknesses

Credits