2 results (0.002 seconds)

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. Los dispositivos USB SanDisk Cruzer Enterprise validan las contraseñas con un programa que se ejecuta en el ordenador anfitrión y no en el propio dispositivo, lo que permite a atacantes cercanos físicamente, acceder a los contenidos del dispositivo mediante un programa modificado. • http://blogs.zdnet.com/hardware/?p=6655 http://it.slashdot.org/story/10/01/05/1734242 http://securitytracker.com/id?1023408 http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.securityfocus.com/bid/37677 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http: • CWE-255: Credentials Management Errors •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. Dispositivos flash USB SanDisk Cruzer Enterprise no previenen los ataques de repetición de contraseña, lo que permite a atacantes físicamente próximos acceder al contenido del dispositivo en texto plano proporcionando una clave que fue capturada en un flujo de datos UBS una vez anterior. • http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.securityfocus.com/bid/37677 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9 http://www.vupen.com/english/advisories/2010/0078 https://www.ironkey.com/usb-flash-drive-flaw-exposed • CWE-255: Credentials Management Errors •