SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
References
Link | Resource |
---|---|
http://blogs.zdnet.com/hardware/?p=6655 | Broken Link |
http://it.slashdot.org/story/10/01/05/1734242/ | Third Party Advisory |
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html | Third Party Advisory |
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 | Vendor Advisory |
http://www.securityfocus.com/bid/37677 | Third Party Advisory VDB Entry |
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf | Broken Link |
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9 | |
http://www.vupen.com/english/advisories/2010/0078 | Third Party Advisory |
https://www.ironkey.com/usb-flash-drive-flaw-exposed | Broken Link |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 02:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2010-01-07 19:30
Updated : 2024-02-28 11:41
NVD link : CVE-2010-0225
Mitre link : CVE-2010-0225
CVE.ORG link : CVE-2010-0225
JSON object : View
Products Affected
sandisk
- cruzer_enterprise
- cruzer_enterprise_firmware
CWE
CWE-312
Cleartext Storage of Sensitive Information