CVE-2010-0229

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.verbatim.com/security/security-update.cfm	Vendor Advisory
https://www.ironkey.com/usb-flash-drive-flaw-exposed
http://www.verbatim.com/security/security-update.cfm	Vendor Advisory
https://www.ironkey.com/usb-flash-drive-flaw-exposed

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:verbatim:corporate_secure::::::::
	cpe:2.3:h:verbatim:corporate_secure:::fips:::::*

History

21 Nov 2024, 01:11

Type	Values Removed	Values Added
References	~~() http://www.verbatim.com/security/security-update.cfm - Vendor Advisory~~	() http://www.verbatim.com/security/security-update.cfm - Vendor Advisory
References	~~() https://www.ironkey.com/usb-flash-drive-flaw-exposed -~~	() https://www.ironkey.com/usb-flash-drive-flaw-exposed -

Information

Published : 2010-01-07 19:30

Updated : 2024-11-21 01:11

NVD link : CVE-2010-0229

Mitre link : CVE-2010-0229

CVE.ORG link : CVE-2010-0229

JSON object : View

Products Affected

verbatim

corporate_secure

CWE

CWE-255

Credentials Management Errors

{"id": "CVE-2010-0229", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2010-01-07T19:30:00.747", "references": [{"url": "http://www.verbatim.com/security/security-update.cfm", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "source": "cve@mitre.org"}, {"url": "http://www.verbatim.com/security/security-update.cfm", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time."}, {"lang": "es", "value": "Los dispositivos flash USB Verbatim Corporate Secure y Corporate Secure FIPS Edition no previenen los ataques de repetici\u00f3n de contrase\u00f1a, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos acceder al contenido del dispositivo en texto plano proporcionando una clave que fue capturada en un flujo de datos UBS una vez anterior."}], "lastModified": "2024-11-21T01:11:48.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:verbatim:corporate_secure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BCF538F-945E-484F-847A-77D148E569FD"}, {"criteria": "cpe:2.3:h:verbatim:corporate_secure:*:*:fips:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B85262D-B58D-4935-BAE2-A28A79F2C369"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}