Vulnerabilities > CVE-2021-28653 - Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
westerndigital
CWE-922

Summary

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.

Vulnerable Configurations

Part Description Count
Application
Westerndigital
2

Common Weakness Enumeration (CWE)