CVE-2024-29941 Credential Cloning

2024-05-0622:33:03

ICT

www.cve.org

credential cloning

ict mifare

desfire encryption

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware
binary allows malicious actors to create credentials for any site code and card number that is using the default
ICT encryption.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TSEC",
    "vendor": "Integrated Control Technology",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

References

ict.co/media/1xdhaugi/credential-cloning.pdf