CVE-2022-28387

 

Published at: - 08-06-2022 06:15

Last modified: - 21-06-2022 07:42

Total changes: - 3

Description

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

 

Verification logic

 

Reference

• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt
• https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt
• 20220610 [SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)-Exploit, Mailing List, Third Party Advisory
• 20220610 [SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)-Exploit, Mailing List, Third Party Advisory
• http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
• http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html

 

Keywords

NVD

 

CVE-2022-28387

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures