CVE-2022-28386 - Improper Restriction of Excessive Authentication Attempts vulnerability in Verbatim products
Attack vector: PHYSICAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: NONE
Availability impact: NONE
Summary
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Hardware | | 2 |
Common Weakness Enumeration (CWE)
References
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt
- http://seclists.org/fulldisclosure/2022/Jun/11
- http://seclists.org/fulldisclosure/2022/Jun/20
- http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html
- http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt
- http://seclists.org/fulldisclosure/2022/Oct/6