Vulnerability-Lookup

CNVD-2020-37893

Vulnerability from cnvd - Published: 2020-07-09

Title

WindowsHello open source library加密问题漏洞

Description

WindowsHello是一款用于与Windows Hello生物特征面部识别库一同使用的解锁开源库。 WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello) 1.0.4之前版本中存在加密问题漏洞。攻击者可利用该漏洞无需身份验证便可解密加密的数据。

Severity

低

Patch Name

WindowsHello open source library加密问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11005

Impacted products

Name
WindowsHello WindowsHello <1.0.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11005"
    }
  },
  "description": "WindowsHello\u662f\u4e00\u6b3e\u7528\u4e8e\u4e0eWindows Hello\u751f\u7269\u7279\u5f81\u9762\u90e8\u8bc6\u522b\u5e93\u4e00\u540c\u4f7f\u7528\u7684\u89e3\u9501\u5f00\u6e90\u5e93\u3002\n\nWindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello) 1.0.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u4fbf\u53ef\u89e3\u5bc6\u52a0\u5bc6\u7684\u6570\u636e\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-37893",
  "openTime": "2020-07-09",
  "patchDescription": "WindowsHello\u662f\u4e00\u6b3e\u7528\u4e8e\u4e0eWindows Hello\u751f\u7269\u7279\u5f81\u9762\u90e8\u8bc6\u522b\u5e93\u4e00\u540c\u4f7f\u7528\u7684\u89e3\u9501\u5f00\u6e90\u5e93\u3002\r\n\r\nWindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello) 1.0.4\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u4fbf\u53ef\u89e3\u5bc6\u52a0\u5bc6\u7684\u6570\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WindowsHello open source library\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": "WindowsHello WindowsHello \u003c1.0.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11005",
  "serverity": "\u4f4e",
  "submitTime": "2020-04-15",
  "title": "WindowsHello open source library\u52a0\u5bc6\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2020-11005 (GCVE-0-2020-11005)

Vulnerability from cvelistv5 – Published: 2020-04-14 22:30 – Updated: 2024-08-04 11:21

Title

Internal NCryptDecrypt method could be used externally from WindowsHello library.

Summary

The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4.

Severity ?

5.1 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

GitHub_M

References

URL

Tags

	https://github.com/SeppPenner/WindowsHello/securi…	x_refsource_CONFIRM
	https://github.com/SeppPenner/WindowsHello/issues/3	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SeppPenner	WindowsHello	Affected: < 1.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:13.928Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/SeppPenner/WindowsHello/issues/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WindowsHello",
          "vendor": "SeppPenner",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-14T22:30:14",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/SeppPenner/WindowsHello/issues/3"
        }
      ],
      "source": {
        "advisory": "GHSA-wvpv-ffcv-r6cw",
        "discovery": "UNKNOWN"
      },
      "title": "Internal NCryptDecrypt method could be used externally from WindowsHello library.",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11005",
          "STATE": "PUBLIC",
          "TITLE": "Internal NCryptDecrypt method could be used externally from WindowsHello library."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WindowsHello",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SeppPenner"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WindowsHello open source library (NuGet HaemmerElectronics.SeppPenner.WindowsHello), before version 1.0.4, has a vulnerability where encrypted data could potentially be decrypted without needing authentication. If the library is used to encrypt text and write the output to a txt file, another executable could be able to decrypt the text using the static method NCryptDecrypt from this same library without the need to use Windows Hello Authentication again. This has been patched in version 1.0.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw",
              "refsource": "CONFIRM",
              "url": "https://github.com/SeppPenner/WindowsHello/security/advisories/GHSA-wvpv-ffcv-r6cw"
            },
            {
              "name": "https://github.com/SeppPenner/WindowsHello/issues/3",
              "refsource": "MISC",
              "url": "https://github.com/SeppPenner/WindowsHello/issues/3"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-wvpv-ffcv-r6cw",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11005",
    "datePublished": "2020-04-14T22:30:14",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:13.928Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-37893

CVE-2020-11005 (GCVE-0-2020-11005)

Tags

Sightings

Nomenclature