CVE-2019-12813

Published: Jun 13, 2019Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.

Affected (1)

Products: Crossmatch: Digital Persona U.are.u 4500 Firmware

1 product

Digital Persona U.are.u 4500 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Crossmatch Digital Persona U.are.u 4500 Firmware	Version 24

Running on/with	Platform Versions
Crossmatch Digital Persona U.are.u 4500	All versions

Related CWEs

Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References (6)

https://github.com/sungjungk/fp-scanner-hacking

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=Grirez2xeas

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.youtube.com/watch?v=wEXJDyEOatM

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/sungjungk/fp-scanner-hacking

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.youtube.com/watch?v=Grirez2xeas

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.youtube.com/watch?v=wEXJDyEOatM

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.