PT-2017-14445 · Sandisk · Sandisk Secure Access

Published

2017-11-16

Updated

2019-10-03

CVE-2017-16560

CVSS v3.1

4.3

Medium

Vector

AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SanDisk Secure Access version 3.01

Description The issue arises when SanDisk Secure Access 3.01 decrypts and copies encrypted files to a temporary folder. In certain situations, such as when a file is being edited and the user exits the application, or if the application crashes, these decrypted files can remain in the temporary folder indefinitely.

Recommendations For SanDisk Secure Access version 3.01, consider implementing a mechanism to securely delete temporary files after use, especially when the application is exited or crashes, to prevent potential unauthorized access to sensitive information. As a temporary workaround, manually check and clear the temporary folder regularly to minimize the risk of exploitation.

Exploit

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

CVE-2017-16560

Affected Products

Sandisk Secure Access

PT-2017-14445 · Sandisk · Sandisk Secure Access

CVE-2017-16560

Weakness Enumeration

Related Identifiers

Affected Products

References · 4