Tag
#ssl
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description] and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller. For instance, this security vulnerability could be exploited in a so-called "supply chain attack" when the device is still on its way to its legitimate user. An attacker with temporary physical access during the supply could program a modified firmware on the Verbatim Keypad Secure, which always uses an attacker-controlled AES key for the data encryption, for example. If, later on, the attacker gains access to the used USB drive, he can simply decrypt all contained user data.
When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.
When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.
When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.
When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.
Red Hat Security Advisory 2022-4991-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Marval MSM version 14.19.0.12476 suffers from a cross site request forgery vulnerability.
Red Hat Security Advisory 2022-4992-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.
Red Hat Security Advisory 2022-4993-01 - XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm, which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short.