Jae Hyuk Lee

**Name of the Vulnerable Software and Affected Versions** Lexar F35 version 1.0.34 **Description** An access control issue in the authentication module allows attackers to access sensitive data and cause a Denial of Service (DoS). Attackers can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module, which compares the input password with the registered password stored in the module. An attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. This allows attackers to be authenticated as a legitimate user, even with an incorrect password, and exploit functions of the secure USB flash drive. **Recommendations** For Lexar F35 version 1.0.34, as a temporary workaround, consider restricting access to the authentication module until a patch is available. Avoid using the authentication functions that return the password verification or comparison results until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Samsung Drive Manager version 2.0.104 Description: The issue allows attackers to bypass intended access controls on disk management. Functions such as `WideCharToMultiByte`, `WideCharStr`, and `MultiByteStr` can contribute to password exposure. Recommendations: For Samsung Drive Manager version 2.0.104, consider restricting access to the disk management functionality until a patch is available. As a temporary workaround, avoid using the `WideCharToMultiByte`, `WideCharStr`, and `MultiByteStr` functions to minimize the risk of password exposure.

Name of the Vulnerable Software and Affected Versions: DM FingerTool version 1.19 Description: The issue concerns improper authentication in DM FingerTool, allowing local attackers to bypass user authentication through a replay attack. This enables access to all features and data on the USB. Recommendations: For DM FingerTool version 1.19, consider disabling the authentication mechanism temporarily until a patch is available to prevent exploitation. Restrict access to the USB device to minimize the risk of unauthorized data access.