CVE-2019-12813

Опубликовано: 13 июн. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.

Ссылки

https://github.com/sungjungk/fp-scanner-hacking
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=Grirez2xeas
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=wEXJDyEOatM
Exploit
Third Party Advisory
https://github.com/sungjungk/fp-scanner-hacking
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=Grirez2xeas
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=wEXJDyEOatM
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:crossmatch:digital_persona_u.are.u_4500_firmware:24:*:*:*:*:*:*:*

cpe:2.3:h:crossmatch:digital_persona_u.are.u_4500:-:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-q63x-55rg-p2jm

github

больше 3 лет назад