There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak.
References
Link | Resource |
---|---|
https://github.com/sungjungk/fp-img-key-crack | Third Party Advisory |
https://www.youtube.com/watch?v=7tKJQdKRm2k | Exploit Third Party Advisory |
https://www.youtube.com/watch?v=BwYK_xZlKi4 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-07-15T13:47:12
Updated: 2019-07-15T13:47:12
Reserved: 2019-07-14T00:00:00
Link: CVE-2019-13604
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-07-15T14:15:11.750
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-13604
JSON object: View
Redhat Information
No data.
CWE