Vulnerabilities > CVE-2010-0224 - Credentials Management vulnerability in Sandisk Cruzer Enterprise USB
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- http://blogs.zdnet.com/hardware/?p=6655
- http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
- http://it.slashdot.org/story/10/01/05/1734242/
- http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
- http://securitytracker.com/id?1023408
- http://www.securityfocus.com/bid/37677
- http://www.vupen.com/english/advisories/2010/0078
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55475
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9