Vulnerabilities > CVE-2021-28653 - Insecure Storage of Sensitive Information vulnerability in Westerndigital Armorlock

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

westerndigital

CWE-922

NVD

Published: 2021-03-19

Updated: 2021-08-27

Summary

The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.

Vulnerable Configurations

Part	Description	Count
Application	Westerndigital Westerndigital Armorlock -	2

Common Weakness Enumeration (CWE)

CWE-922 - Insecure Storage of Sensitive Information

References

https://www.westerndigital.com/support/productsecurity/wdc-21003-armorLock-insecure-key-storage-vulnerability