Vulnerability Description
Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kingston | Datatraveler Blackbox | All versions |
| Kingston | Datatraveler Elite | All versions |
| Kingston | Datatraveler Secure | All versions |
Related Weaknesses (CWE)
References
- http://www.kingston.com/driveupdate/Vendor Advisory
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
- http://www.vupen.com/english/advisories/2010/0080
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
- http://www.kingston.com/driveupdate/Vendor Advisory
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
- http://www.vupen.com/english/advisories/2010/0080
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
FAQ
What is CVE-2010-0223?
CVE-2010-0223 is a vulnerability with a CVSS score of 2.1 (LOW). Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows p...
How severe is CVE-2010-0223?
CVE-2010-0223 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0223?
Check the references section above for vendor advisories and patch information. Affected products include: Kingston Datatraveler Blackbox, Kingston Datatraveler Elite, Kingston Datatraveler Secure.