4.6

CVE-2010-0225

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.28% 0.195
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://blogs.zdnet.com/hardware/?p=6655
Broken Link
http://it.slashdot.org/story/10/01/05/1734242/
Third Party Advisory
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
Third Party Advisory
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
https://www.ironkey.com/usb-flash-drive-flaw-exposed
Broken Link
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
Vendor Advisory
http://www.securityfocus.com/bid/37677
Third Party Advisory
VDB Entry
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
Broken Link
http://www.vupen.com/english/advisories/2010/0078
Third Party Advisory