Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may
allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the
template database.
References
Link | Resource |
---|---|
https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Synaptics
Published: 2024-01-27T00:19:15.351Z
Updated: 2024-01-29T16:33:12.763Z
Reserved: 2023-12-04T09:46:38.305Z
Link: CVE-2023-6482
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-27T01:15:08.033
Modified: 2024-02-01T04:14:20.480
Link: CVE-2023-6482
JSON object: View
Redhat Information
No data.