Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Keurig 2.0 Authentication Bypass

🗓️ 09 Dec 2014 00:00:00Reported by Kenneth BucklerType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Keurig 2.0 Coffee Maker authentication bypass vulnerability allows unauthorized use of non-genuine K-Cup

Code
`*Overview*  
  
  
Keurig 2.0 Coffee Maker contains a vulnerability in which the authenticity  
of coffee pods, known as K-Cups, uses weak verification methods, which are  
subject to a spoofing attack through re-use of a previously verified K-Cup.  
  
  
*Impact*  
  
  
CVSS Base Score: 4.9  
  
Impact Subscore: 6.9  
  
Exploitability Subscore: 3.9  
  
  
Access Vector: Local  
  
Access Complexity: Low  
  
Authentication: None  
  
  
Confidentiality Impact: None  
  
Integrity Impact: Complete  
  
Availability Impact: None  
  
  
*Vulnerable Versions*  
  
Keurig 2.0 Coffee Maker  
  
  
*Technical Details*  
  
  
Keurig 2.0 is designed to only use genuine Keurig approved coffee K-Cups.  
However, a flaw in the verification method allows an attacker to use  
unauthorized K-Cups. The Keurig 2.0 does verify that the K-Cup foil lid  
used for verification is not re-used.  
  
  
Step 1: Attacker uses a genuine K-Cup in the Keurig machine to brew coffee  
or hot chocolate.  
  
Step 2: After brewing is complete, attacker removes the genuine K-Cup from  
the Keurig and uses a knife or scissors to carefully remove the full foil  
lid from the K-Cup, ensuring to keep the full edges intact. Attacker keeps  
this for use in the attack.  
  
Step 3: Attacker inserts a non-genuine K-Cup in the Keurig, and closes the  
lid. Attacker should receive an "oops" error message stating that the K-Cup  
is not genuine.  
  
Step 4: Attacker opens the Keurig, leaving the non-genuine K-Cup in the  
Keurig, and carefully places the previously saved genuine K-Cup lid on top  
of the non-genuine K-Cup, lining up the puncture hole to keep the lid in  
place.  
  
Step 5: Attacker closes the Keurig, and is able to brew coffee using the  
non-genuine K-Cup.  
  
  
Since no fix is currently available, owners of Keurig 2.0 systems may wish  
to take additional steps to secure the device, such as keeping the device  
in a locked cabinet, or using a cable lock to prevent the device from being  
plugged in when not being used by an authorized user.  
  
  
Please note that a proof of concept is already available online.  
  
  
*Credit: *  
  
Proof of concept at http://www.keurighack.com/  
  
Vulnerability Writeup by Ken Buckler, Caffeine Security  
http://caffeinesecurity.blogspot.com  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Dec 2014 00:00Current
0.8Low risk
Vulners AI Score0.8
keurig 2.0authentication bypassk-cupsvulnerabilitynon-genuineexploitsecurityproof of conceptcoffee maker
36