CVE-2016-1919

Опубликовано: 27 янв. 2017

Источник: nvd

CVSS3: 4.7

CVSS2: 1.9

EPSS Низкий

Описание

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.

Ссылки

http://lists.openwall.net/bugtraq/2016/01/17/2
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/135303/Samsung-KNOX-1.0-Weak-eCryptFS-Key-Generation.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/537319/100/0/threaded
http://www.securityfocus.com/archive/1/537340/100/0/threaded
http://lists.openwall.net/bugtraq/2016/01/17/2
Mailing List
Third Party Advisory
http://packetstormsecurity.com/files/135303/Samsung-KNOX-1.0-Weak-eCryptFS-Key-Generation.html
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/537319/100/0/threaded
http://www.securityfocus.com/archive/1/537340/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:samsung:knox:*:*:*:*:*:*:*:*

Версия до 1.0 (включая)

EPSS

Процентиль: 21%

0.00066

Низкий

4.7 Medium

CVSS3

1.9 Low

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-xjjc-8jjh-rwv3