PT-2021-17149 · Unknown · Dm Fingertool

Jae Hyuk Lee

Published

2021-07-26

Updated

2021-08-09

CVE-2021-26824

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: DM FingerTool version 1.19

Description: The issue concerns improper authentication in DM FingerTool, allowing local attackers to bypass user authentication through a replay attack. This enables access to all features and data on the USB.

Recommendations: For DM FingerTool version 1.19, consider disabling the authentication mechanism temporarily until a patch is available to prevent exploitation. Restrict access to the USB device to minimize the risk of unauthorized data access.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-294

Related Identifiers

CVE-2021-26824

GHSA-XVRV-W76R-GH28

Affected Products

Dm Fingertool

PT-2021-17149 · Unknown · Dm Fingertool

CVE-2021-26824

Weakness Enumeration

Related Identifiers

Affected Products

References · 7