CVE-2020-12061

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:nitrokey:fido_u2f_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:nitrokey:fido_u2f:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:59

Type Values Removed Values Added
References () https://cwe.mitre.org/data/definitions/523.html - Third Party Advisory () https://cwe.mitre.org/data/definitions/523.html - Third Party Advisory
References () https://eprint.iacr.org/2021/640.pdf - Exploit, Third Party Advisory () https://eprint.iacr.org/2021/640.pdf - Exploit, Third Party Advisory
References () https://github.com/Nitrokey/nitrokey-fido-u2f-firmware/commits/master - Patch, Third Party Advisory () https://github.com/Nitrokey/nitrokey-fido-u2f-firmware/commits/master - Patch, Third Party Advisory
References () https://github.com/Nitrokey/nitrokey-fido-u2f-firmware/releases - Third Party Advisory () https://github.com/Nitrokey/nitrokey-fido-u2f-firmware/releases - Third Party Advisory

Information

Published : 2021-05-21 12:15

Updated : 2024-11-21 04:59


NVD link : CVE-2020-12061

Mitre link : CVE-2020-12061

CVE.ORG link : CVE-2020-12061


JSON object : View

Products Affected

nitrokey

  • fido_u2f_firmware
  • fido_u2f
CWE
CWE-522

Insufficiently Protected Credentials