3 matches found
CVE-2019-18672
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing...
CVE-2019-18672
creationtimestamp| type| source ---|---|--- 2024-03-09 06:36:47+00:00| seen| https://t.me/ctinow/203774...
CVE-2019-18672
The affected product is the ShapeShift KeepKey hardware wallet. The issue stems from insufficient checks in the device’s finite state machine prior to firmware 6.2.2, which allows a partial reset of cryptographic secrets to known values via crafted messages. This vulnerability can compromise U2F ...