Lucene search
MitreCVELIST:CVE-2020-27208HistoryMay 21, 2021 - 11:17 a.m.
CVE-2020-27208
2021-05-2111:17:50
mitre
www.cve.org
0.001 Low
EPSS
Percentile
44.3%
The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.
References
eprint.iacr.org/2021/640
github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec
solokeys.com
twitter.com/SoloKeysSec
www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html
www.aisec.fraunhofer.de/en/FirmwareProtection.html
Related
suse
suse
Security update for solo (moderate)
2021-07-10 00:00:00
openvas
openvas
openSUSE: Security Advisory for solo (openSUSE-SU-2021:1019-1)
2021-07-13 00:00:00
cve
cve
CVE-2020-27208
2021-05-21 12:15:07
nvd
nvd
CVE-2020-27208
2021-05-21 12:15:07
nessus
nessus
openSUSE 15 Security Update : solo (openSUSE-SU-2021:1019-1)
2021-07-13 00:00:00
prion
prion
Design/Logic Flaw
2021-05-21 12:15:00