An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html | Exploit Mailing List Third Party Advisory |
http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Jun/13 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Jun/21 | Exploit Mailing List Third Party Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt | Exploit Third Party Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-08T15:29:51
Updated: 2022-06-20T18:07:09
Reserved: 2022-04-03T00:00:00
Link: CVE-2022-28387
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-08T16:15:08.513
Modified: 2022-06-21T17:42:50.717
Link: CVE-2022-28387
JSON object: View
Redhat Information
No data.
CWE