CVE-2010-0226 - SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows phys

CVE-2010-0226

Summary

SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

References

Vulnerable Configurations

cpe:2.3:h:sandisk:cruzer_enterprise_usb:*:*:*:*:*:*:*:*
cpe:2.3:h:sandisk:cruzer_enterprise_usb:*:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 13-08-2018 - 21:47)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	37677
misc	http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9 https://www.ironkey.com/usb-flash-drive-flaw-exposed
vupen	ADV-2010-0078

Last major update

13-08-2018 - 21:47

Published

07-01-2010 - 19:30

Last modified

13-08-2018 - 21:47