PT-2019-12963 · Digitalpersona · Digital Persona U.Are.U 4500 Fingerprint Reader
Publicado
2019-06-13
·
Atualizado
2021-07-21
·
CVE-2019-12813
CVSS v3.1
5.9
Média
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Digital Persona U.are.U 4500 Fingerprint Reader version v24
Description
An issue was discovered where the key and salt used for obfuscating the fingerprint image are transmitted in cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. This allows an attacker who intercepts an encrypted fingerprint image to easily decrypt the image using the key and salt.
Recommendations
For Digital Persona U.are.U 4500 Fingerprint Reader version v24, consider restricting access to the device until a patch is available to prevent unauthorized decryption of fingerprint images. As a temporary workaround, limit the use of the fingerprint reader to minimize the risk of exploitation.
Exploit
Correção
Cleartext Transmission of Sensitive Information
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Digital Persona U.Are.U 4500 Fingerprint Reader