PT-2019-12963 · Digitalpersona · Digital Persona U.Are.U 4500 Fingerprint Reader
Published: 2019-06-13 · Updated: 2021-07-21 · CVE-2019-12813
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Digital Persona U.are.U 4500 Fingerprint Reader version v24
Description
An issue was discovered where the key and salt used for obfuscating the fingerprint image are transmitted in cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. This allows an attacker who intercepts an encrypted fingerprint image to easily decrypt the image using the key and salt.
Recommendations
For Digital Persona U.are.U 4500 Fingerprint Reader version v24, consider restricting access to the device until a patch is available to prevent unauthorized decryption of fingerprint images. As a temporary workaround, limit the use of the fingerprint reader to minimize the risk of exploitation.
Weakness Enumeration
Cleartext Transmission of Sensitive Information
Related Identifiers
Affected Products
Digital Persona U.Are.U 4500 Fingerprint Reader