CVE-2024-29941

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.
Configurations

No configuration.

History

21 Nov 2024, 09:08

Type Values Removed Values Added
References () https://ict.co/media/1xdhaugi/credential-cloning.pdf - () https://ict.co/media/1xdhaugi/credential-cloning.pdf -

01 Aug 2024, 13:49

Type Values Removed Values Added
Summary
  • (es) El almacenamiento inseguro de las claves de cifrado ICT MIFARE y DESFire en el binario del firmware permite a actores malintencionados crear credenciales para cualquier código de sitio y número de tarjeta que utilice el cifrado ICT predeterminado.
CWE CWE-522
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.0

06 May 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-06 23:15

Updated : 2024-11-21 09:08


NVD link : CVE-2024-29941

Mitre link : CVE-2024-29941

CVE.ORG link : CVE-2024-29941


JSON object : View

Products Affected

No product.

CWE
CWE-522

Insufficiently Protected Credentials