CVE-2021-26824

Published: Jul 26, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

DM FingerTool v1.19 in the DM PD065 Secure USB is susceptible to improper authentication by a replay attack, allowing local attackers to bypass user authentication and access all features and data on the USB.

Affected (1)

Products: Dm Fingertool Project: Dm Fingertool

Dm Fingertool Project

1 product

Dm Fingertool

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dm Fingertool Project Dm Fingertool	Version 1.19

Related CWEs

CWE-294

Authentication Bypass by Capture-replay

A capture-replay flaw exists when the design of the product makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).

References (4)

https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-xvrv-w76r-gh28

Source: cve@mitre.org

ExploitThird Party Advisory

https://sites.google.com/view/boss-lab

Source: cve@mitre.org

Third Party Advisory

https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-xvrv-w76r-gh28

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://sites.google.com/view/boss-lab

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.