Lucene search
K

28 matches found

Prion
Prion
added 2021/05/21 12:15 p.m.18 views

Code injection

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

5CVSS9.2AI score0.01853EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2021/05/21 12:15 p.m.21 views

Design/Logic Flaw

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

4.6CVSS6.6AI score0.00328EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2021/05/21 11:17 a.m.139 views

CVE-2020-27208

The CVE-2020-27208 issue affects SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token, where the flash read-out protection (RDP) level is not enforced during device initialization, enabling an attacker with physical access to downgrade RDP and read secrets (e.g., private ECC keys) from SRAM vi...

6.8CVSS6.5AI score0.00328EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2021/05/21 11:17 a.m.48 views

CVE-2020-27208

The flash read-out protection RDP level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface...

6.6AI score0.00328EPSS
Exploits1References6
Cvelist
Cvelist
added 2021/05/21 11:3 a.m.22 views

CVE-2020-12061

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attack...

9.3AI score0.01853EPSS
Exploits1References4
CVE
CVE
added 2021/05/21 11:3 a.m.51 views

CVE-2020-12061

The CVE-2020-12061 entry concerns Nitrokey FIDO U2F firmware up to version 1.1, where plain-text communication between the microcontroller and the secure element allows an attacker to eavesdrop on credentials and derive secrets stored in the microcontroller, enabling arbitrary manipulation of the...

9.8CVSS9.2AI score0.01853EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.19 views

SoloKeys Solo 加密问题漏洞

SoloKeys Solo is an open source security key. SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token suffers from a security vulnerability that stems from not enforcing the flash readout protection RDP level. This allows an attacker to lower the RDP level...

6.8CVSS6.6AI score0.00328EPSS
Exploits1References8
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.5 views

Nitrokey FIDO U2F 安全漏洞

Nitrokey FIDO2 is an open source security key that supports FIDO2 and U2F standards for strong two-factor authentication and passwordless login. A security vulnerability exists in Nitrokey FIDO U2F firmware version 1.1 and prior versions, which stems from the fact that communications between the...

9.8CVSS8.3AI score0.01853EPSS
Exploits1References5
Rows per page
Query Builder