CVE-2021-32033

Name of the Vulnerable Software and Affected Versions: Protectimus SLIM NFC 70 version 10.01

Description: The issue allows attackers to predict TOTP passwords in certain situations through a Time Traveler attack. An attacker with short-time physical access to the device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This enables the generation of valid future time-based one-time passwords without having further access to the hardware token.

Recommendations: For Protectimus SLIM NFC 70 version 10.01, as a temporary workaround, consider restricting physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.