Описание
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
Ссылки
- ExploitTechnical DescriptionThird Party Advisory
- ExploitTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:goodix:fingerprint_sensor_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:goodix:fingerprint_sensor:-:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.0001
Низкий
6.4 Medium
CVSS3
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 6.4
github
около 2 лет назад
The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint.
EPSS
Процентиль: 1%
0.0001
Низкий
6.4 Medium
CVSS3
Дефекты
CWE-287