PT-2023-20862 · Yale · Yale Conexis L1
Alexios Mylonas
+2
·
Published
2023-12-03
·
Updated
2024-01-16
·
CVE-2023-26941
CVSS v3.1
6.5
Medium
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Yale Conexis L1 version 1.1.0
Description
The issue is related to weak encryption mechanisms in RFID Tags, allowing attackers to create a cloned tag via physical proximity to the original.
Recommendations
For Yale Conexis L1 version 1.1.0, consider disabling the use of RFID tags until a patch or fix is available to strengthen the encryption mechanisms. Restrict physical access to the original tags to minimize the risk of cloning. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Inadequate Encryption Strength
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yale Conexis L1