Lucene search

[email protected]CVE-2010-0223

HistoryJan 07, 2010 - 7:30 p.m.

CVE-2010-0223

2010-01-0719:30:00

CWE-264

[email protected]

web.nvd.nist.gov

kingston

usb

drives

vulnerability

password replay

attack

security

cleartext

nvd

6.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.6%

JSON

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.

Affected configurations

NVD

Node

kingstondatatraveler_blackbox

kingstondatatraveler_eliteprivacy

kingstondatatraveler_secureprivacy

CPENameOperatorVersion
kingston:datatraveler_blackboxkingston datatraveler blackboxeq*
kingston:datatraveler_elitekingston datatraveler eliteeq*
kingston:datatraveler_securekingston datatraveler secureeq*

CPE	Name	Operator	Version
kingston:datatraveler_blackbox	kingston datatraveler blackbox	eq	*
kingston:datatraveler_elite	kingston datatraveler elite	eq	*
kingston:datatraveler_secure	kingston datatraveler secure	eq	*

References

www.kingston.com/driveupdate/

www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf

www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9

www.vupen.com/english/advisories/2010/0080

www.ironkey.com/usb-flash-drive-flaw-exposed

6.8 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.6%

JSON

Related for CVE-2010-0223

cvelist1 nvd1 prion1