62 matches found
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
CVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...
CVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...
Design/Logic Flaw
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
Design/Logic Flaw
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
CVE-2019-18672
The affected product is the ShapeShift KeepKey hardware wallet. The issue stems from insufficient checks in the device’s finite state machine prior to firmware 6.2.2, which allows a partial reset of cryptographic secrets to known values via crafted messages. This vulnerability can compromise U2F ...
CVE-2019-18671
Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attacke...
CVE-2019-18671
CVE-2019-18671 affects the ShapeShift KeepKey hardware wallet. Insufficient checks in USB packet handling allow out-of-bounds writes in the .bss segment on firmware up to 6.2.1, with potential code execution or other impact. The issue can be triggered by unauthenticated users and is reachable via...
PT-2019-15571 · Shapeshift · Keepkey
Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey hardware wallet versions prior to 6.2.2 Description: The issue is related to insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet. This allows a partial reset of cryptographic secrets to...
ShapeShift KeepKey Information Disclosure Vulnerability
ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. An information disclosure vulnerability exists in ShapeShift KeepKey, which can be exploited by unauthorized attackers to obtain sensitive information about affected components...
CVE-2019-14355
On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be abl...
Design/Logic Flaw
DISPUTED On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable mig...
CVE-2019-14355
On ShapeShift KeepKey devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be abl...
CVE-2019-14355
ShapeShift KeepKey devices are affected by a side-channel vulnerability affecting the row-based OLED display. The power consumption of each display cycle depends on the number of illuminated pixels, enabling partial recovery of the displayed secret data when an attacker can measure device power v...
PT-2019-13634 · Shapeshift · Keepkey
Name of the Vulnerable Software and Affected Versions: ShapeShift KeepKey devices affected versions not specified Description: A side channel vulnerability was discovered related to the row-based OLED display on ShapeShift KeepKey devices. The power consumption of each display cycle varies based ...
KEY HODLERS KeepKey Formatted String Vulnerability
KEY HODLERS KeepKey is a device for storing bitcoins from KEY HODLERS USA. A formatting string vulnerability exists in KEY HODLERS KeepKey version 4.0.0. An attacker could exploit this vulnerability to access information to which they are not authorized to have access...
CVE-2018-6875
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display of information that should not be accessible, related to text containing characters that the device's font lacks...
CVE-2018-6875
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display of information that should not be accessible, related to text containing characters that the device's font lacks...
Format string
Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display of information that should not be accessible, related to text containing characters that the device's font lacks...