CVE-2010-0224
https://notcve.org/view.php?id=CVE-2010-0224
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. Los dispositivos USB SanDisk Cruzer Enterprise validan las contraseñas con un programa que se ejecuta en el ordenador anfitrión y no en el propio dispositivo, lo que permite a atacantes cercanos físicamente, acceder a los contenidos del dispositivo mediante un programa modificado. • http://blogs.zdnet.com/hardware/?p=6655 http://it.slashdot.org/story/10/01/05/1734242 http://securitytracker.com/id?1023408 http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.securityfocus.com/bid/37677 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http: • CWE-255: Credentials Management Errors •
CVE-2010-0225
https://notcve.org/view.php?id=CVE-2010-0225
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key. Los dispositivos flash USB SanDisk Cruzer Enterprise utilizan una solución de clave de 256-bit para obtener acceso al contenido del dispositivo en texto plano, lo que hace más fácil a atacantes físicamente próximos leer o modificar información determinando y proporcionando esta clave. • http://blogs.zdnet.com/hardware/?p=6655 http://it.slashdot.org/story/10/01/05/1734242 http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.securityfocus.com/bid/37677 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http://www.syss.de/index.php?id=108&tx& • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2010-0226
https://notcve.org/view.php?id=CVE-2010-0226
SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. Dispositivos flash USB SanDisk Cruzer Enterprise no previenen los ataques de repetición de contraseña, lo que permite a atacantes físicamente próximos acceder al contenido del dispositivo en texto plano proporcionando una clave que fue capturada en un flujo de datos UBS una vez anterior. • http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.securityfocus.com/bid/37677 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9 http://www.vupen.com/english/advisories/2010/0078 https://www.ironkey.com/usb-flash-drive-flaw-exposed • CWE-255: Credentials Management Errors •