PT-2023-20862 · Yale · Yale Conexis L1

Alexios Mylonas

Publicado

2023-12-03

Atualizado

2024-01-16

CVE-2023-26941

CVSS v3.1

6.5

Média

Vetor

AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Yale Conexis L1 version 1.1.0

Description The issue is related to weak encryption mechanisms in RFID Tags, allowing attackers to create a cloned tag via physical proximity to the original.

Recommendations For Yale Conexis L1 version 1.1.0, consider disabling the use of RFID tags until a patch or fix is available to strengthen the encryption mechanisms. Restrict physical access to the original tags to minimize the risk of cloning. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Inadequate Encryption Strength

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-326

Identificadores relacionados

CVE-2023-26941

Produtos afetados

Yale Conexis L1

PT-2023-20862 · Yale · Yale Conexis L1

CVE-2023-26941

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8