Vulnerabilities > CVE-2010-0226 - Credentials Management vulnerability in Sandisk Cruzer Enterprise USB
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
- http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
- http://www.vupen.com/english/advisories/2010/0078
- http://www.securityfocus.com/bid/37677
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9