exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 100 RSS Feed

Files

Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 992893d816c50c6e18dc3b87a2deb353082bfef3a9a95208d73963be95c513e7

Related Files

Verbatim Store 'n' Go Secure Portable SSD Behavior Violation
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 08145b3fed5af98f2c1a58867fcffc5c6a963943711eed8b147ca33d079c84b8
Verbatim Store 'n' Go Secure Portable SSD Missing Trust
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16).

tags | advisory
advisories | CVE-2022-28383
SHA-256 | d39be10e67c9b627d81d5563e3043fc1643ed064d12773022e54946e4d13c40c
Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 94cc2f212c629f6d55adb277c12c057ade203121d15ef2c833dae91f93644f56
Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography
Posted Oct 10, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 1eec8f74130bb65d97f78635534eca25e6988ba281f9bc35cc664431829d03d5
Lepin EP-KP001 KP001_V19 Authentication Bypass
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found out that it uses an insecure hardware design which allows an attacker to bypass the password-based user authentication.

tags | exploit
advisories | CVE-2022-29948
SHA-256 | aab63ef3bc7b1c7a28a491f23ff3e38331ea8654041288aca94a8bd6d5435366
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

tags | advisory
systems | windows
advisories | CVE-2022-28385
SHA-256 | 26ff4e832d69529801ce9581fa340d311be8da080d073cf03ef28644ddb30a51
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 6fe888a83e3d60fa3dff9cbd864af7c01af27b2dbd4a6cda8d208d3d0a240337
Verbatim Fingerprint Secure Portable Hard Drive #53650 Insufficient Verification
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

tags | advisory
systems | windows
advisories | CVE-2022-28385
SHA-256 | 820817b00f35d5e9cdd824108c5f8d3d74d064b3343d74f7c689cef4f9919f97
Verbatim Fingerprint Secure Portable Hard Drive #53650 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01B), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 5cf09b9a6a7dc17bc2bc9248633676029f1f2f7c319f1bda1a93395588b69053
Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 5957d6ef4f65feb57e39fb3699989b7271db9a941fefc0a0ecfcc6d07e41f538
Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

tags | advisory
advisories | CVE-2022-28387
SHA-256 | bf98542c479e3621d63c8f97f240d1176143d928dd39fcee82bda83c3c2f65d1
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 859d87ae63633787bdbe010be7b03817fc47a4dc9d6e5a47c6b19c31de4fe3cc
Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

tags | advisory
advisories | CVE-2022-28387
SHA-256 | 6d66162caa87e1410113575c6a6d6f93e01bfe781f0ffa5dbe090641a9dac682
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Behavior Violation
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description] and the corresponding user manual. Thus, an attacker with physical access to such an external SSD can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 2ceb86673a9c736cebd67a39527a5eb8f328102b032e0b9271b870c40377d572
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Missing Trust
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store n Go Secure Portable HDD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller. For instance, this security vulnerability could be exploited in a so-called "supply chain attack" when the device is still on its way to its legitimate user. An attacker with temporary physical access during the supply could program a modified firmware on the Verbatim Keypad Secure, which always uses an attacker-controlled AES key for the data encryption, for example. If, later on, the attacker gains access to the used USB drive, he can simply decrypt all contained user data.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 7098d1b68edc002a1e51f5c5258de96984b038b74b703b8420355811a28fb504
Verbatim Store N Go Secure Portable HDD GD25LK01-3637-C VER4.0 Risky Crypto
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the external SSD Verbatim Store 'n' Go Secure Portable HDD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 0a41b12ec159b56c4a817b283683266a073263b88ea74e74ebd6d5ec636346de
Verbatim Keypad Secure USB 3.2 Gen 1 Drive Passcode Retry
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual. Thus, an attacker with physical access to such a USB drive can try more passcodes in order to unlock the device. During the security analysis, SySS could not find out how many failed passcode attempts would actually lock the device and require reformatting it, as this device state was never reached.

tags | advisory
advisories | CVE-2022-28386
SHA-256 | 804a05333025641223da065ca26bc382662a75dcb6a1c913f590cb580995be6e
Verbatim Keypad Secure USB 3.2 Gen 1 Drive ECB Issue
Posted Jun 20, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode. This operation mode of block ciphers like AES encrypts identical plaintext data, in this case blocks of 16 bytes, always to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion concerning the ECB mode can leak sensitive information even in encrypted data.

tags | advisory
advisories | CVE-2022-28382
SHA-256 | 870e1158dd8a0f1a4262a0e47ae8e997a02f327d39289e77fef1eba7910be322
Verbatim Keypad Secure USB 3.2 Gen 1 Drive Missing Control
Posted Jun 19, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.

tags | advisory
advisories | CVE-2022-28383
SHA-256 | 52c1bd34c6801f46e1bba55d25c92e6597c84cbd41ec64b03d514cd0fa54e98f
Verbatim Keypad Secure USB 3.2 Gen 1 Drive Cryptography Issue
Posted Jun 19, 2022
Authored by Matthias Deeg | Site syss.de

When analyzing the USB drive Verbatim Keypad Secure version 3.2 Gen 1 Drive, Matthias Deeg found out it uses an insecure design which allows for offline brute-force attacks against the passcode.

tags | advisory
advisories | CVE-2022-28384
SHA-256 | 3ed883a011f776ec342336cc3c9cfdade67dfbd44f04b20239f15f16a6dc912e
Protectimus SLIM NFC Time Manipulation
Posted Jun 18, 2021
Authored by Matthias Deeg | Site syss.de

When analyzing the Protectimus SLIM TOTP hardware token, Matthias Deeg found out that the time used by the Protectimus SLIM TOTP hardware token can be set independently from the used seed value for generating time-based one-time passwords without requiring any authentication.

tags | advisory
advisories | CVE-2021-32033
SHA-256 | 18da959eb49ff3d5b8d29ab92f7247fff8490774b451cce50831a03dc291d6c0
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.

tags | exploit
SHA-256 | 5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdb
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7b
innovaphone IP222 UDP Denial Of Service
Posted Mar 24, 2016
Authored by Sven Freund | Site syss.de

The innovaphone IP222 offers different protocols, like H.323 or SIP, to fulfil the various requirements. The discovered vulnerability was found in the protocol SIP/UDP. Therefore a specially crafted SIP request to the open 5060/UDP port causes a denial of service condition by crashing the innovaphone IP222 phone immediately. Remote code execution via this security vulnerability may also be possible, but was not confirmed by the SySS GmbH.

tags | exploit, remote, denial of service, udp, code execution, protocol
SHA-256 | cfc0d7614928d7e4d648a995ef8fdeb119a75e0ac44cc1cd7ece00e5e46a6931
innovaphone IP222 / IP232 Denial Of Service
Posted Mar 5, 2016
Authored by Alexander Brachmann | Site syss.de

innovaphone versions IP222 and IP232 suffer from a remote denial of service vulnerability.

tags | exploit, remote, denial of service
SHA-256 | 82d16c58171e185f50439ca2a3e3a97783090e29049d727064dcd3b319f9348e
Page 1 of 4
Back1234Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    10 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close