PT-2022-12687 · Lexar · Lexar F35
Authors: Donghyeun Kim and 2 others
Published: 2022-03-21 · Updated: 2022-03-29
CVE-2021-46390
| CVSS v2.0 | 7.2 (High) |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Lexar F35 version 1.0.34
Description
An access control issue in the authentication module allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker can bypass user authentication without knowing anything about the registered user's password. The secure USB flash drive passes the password entered by the user to the authentication module, which compares it with the registered password stored in the module. Because access is decided by the functions that return the password verification or comparison results, an attacker who analyzes those functions and manipulates the result values they return is authenticated as a legitimate user even with an incorrect password, and can then use the functions of the secure USB flash drive.
Recommendations
For Lexar F35 version 1.0.34, as a temporary workaround, restrict access to the authentication module until a patch is available, and avoid relying on the authentication functions that return the password verification or comparison results until the issue is resolved. At the moment there is no information about a newer version that contains a fix for this vulnerability.
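The weakness described above is a design property rather than a single bug: whenever access is gated on a boolean returned by a comparison function, that return value becomes the only thing standing between an attacker and the data. The following is an added illustration in Python, not Lexar's firmware and not code from the advisory authors; the drive classes, method names and storage layout are assumptions made for the demonstration. It contrasts the "trust the comparison result" pattern with a design in which the data key is derived from the password, so that a forced "match" result yields nothing readable. The `leaks_when_result_forced` function is a design self-test a defender can run against either model: it makes every comparison report success and checks whether the correct data appears.

```python
"""Added example (not Lexar's code): a boolean-gated unlock versus a
key-derivation design, plus a self-test that forces the comparison result.
All device behaviour is simulated; names and layouts are assumptions."""
import hashlib
import hmac
import secrets
from typing import Optional

KDF_ITERATIONS = 50_000  # kept modest so the demo runs quickly


def kdf(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte key from the password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nbytes: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream (demo stand-in for a real AEAD cipher)."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hmac.new(key, ctr.to_bytes(4, "big"), "sha256").digest()
        ctr += 1
    return out[:nbytes]


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


class WeakDrive:
    """Pattern the advisory describes: the stored data is readable as soon as a
    comparison function reports a match; the data is not bound to the password."""

    def __init__(self, password: str, data: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = kdf(password, self.salt)
        self.data = data  # stored unencrypted behind the gate
        self.unlocked = False

    def check_password(self, attempt: str) -> bool:
        return hmac.compare_digest(kdf(attempt, self.salt), self.pw_hash)

    def unlock(self, attempt: str) -> bool:
        # Single point of failure: whatever check_password returns decides access.
        self.unlocked = self.check_password(attempt)
        return self.unlocked

    def read(self) -> Optional[bytes]:
        return self.data if self.unlocked else None


class HardenedDrive:
    """Alternative design: the data key exists only as a function of the password.
    Authentication is the ability to produce a key whose MAC verifies; there is no
    boolean whose manipulation would expose readable data."""

    def __init__(self, password: str, data: bytes):
        self.salt = secrets.token_bytes(16)
        key = kdf(password, self.salt)
        self.ciphertext = _xor(data, key)
        self.tag = hmac.new(key, self.ciphertext, "sha256").digest()

    def read(self, attempt: str) -> Optional[bytes]:
        key = kdf(attempt, self.salt)
        expected = hmac.new(key, self.ciphertext, "sha256").digest()
        if not hmac.compare_digest(expected, self.tag):
            return None  # wrong password: the derived key does not verify
        return _xor(self.ciphertext, key)


def leaks_when_result_forced(drive, wrong_attempt: str, secret: bytes) -> bool:
    """Design self-test: make every comparison report success (the manipulated
    verification result the advisory describes) and report whether the correct
    data becomes readable with a wrong password."""
    real_compare = hmac.compare_digest
    hmac.compare_digest = lambda a, b: True
    try:
        if isinstance(drive, WeakDrive):
            drive.unlock(wrong_attempt)
            got = drive.read()
        else:
            got = drive.read(wrong_attempt)
    finally:
        hmac.compare_digest = real_compare
    return got == secret


if __name__ == "__main__":
    secret = b"constructed sample: contents of a protected file"
    print("weak design leaks:", leaks_when_result_forced(WeakDrive("pw", secret), "x", secret))
    print("hardened design leaks:", leaks_when_result_forced(HardenedDrive("pw", secret), "x", secret))
```

With the comparison forced to succeed, `WeakDrive` hands over the stored data, while `HardenedDrive` decrypts with a key derived from the wrong password and returns unusable bytes. The point for reviewers of such products is that the remediation is not a better comparison routine but removing the comparison as the sole gate; a production design would use an authenticated cipher such as AES-GCM in place of the HMAC keystream shown here.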
Weakness Enumeration
Improper Authentication
Affected Products
Lexar F35