Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware
binary allows malicious actors to create credentials for any site code and card number that is using the default
ICT encryption.
References
Link | Resource |
---|---|
https://ict.co/media/1xdhaugi/credential-cloning.pdf |
Configurations
No configuration.
History
01 Aug 2024, 13:49
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
CWE | CWE-522 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
06 May 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-06 23:15
Updated : 2024-08-01 13:49
NVD link : CVE-2024-29941
Mitre link : CVE-2024-29941
CVE.ORG link : CVE-2024-29941
JSON object : View
Products Affected
No product.
CWE
CWE-522
Insufficiently Protected Credentials