PT-2024-15573 · Microsoft+1 · Windows Shell+1

Published: 2024-01-12 · Updated: 2024-01-22 · CVE-2024-0454

CVSS v3.1: 6.1 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

ELAN Match-on-Chip FPR solution versions prior to 3.0.12011.08009 (Legacy)
ELAN Match-on-Chip FPR solution versions prior to 3.3.12011.08103 (ESS)

Description

The ELAN Match-on-Chip FPR solution has a design fault that poses a potential risk of valid SID leakage and enumeration with a spoof sensor. This fault can lead to the bypass of Windows Hello recognition by cloning the SID, resulting in broken account identity.

Recommendations

For versions lower than 3.0.12011.08009 (Legacy), update to version 3.0.12011.08009 or later to resolve the issue.
For versions lower than 3.3.12011.08103 (ESS), update to version 3.3.12011.08103 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the Windows Hello recognition feature until a patch is available.

Fix

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

CVE-2024-0454
GHSA-W3JX-33QH-77F8

Affected Products

Elan Match-On-Chip Fpr Solution
Windows Shell