Vulnerability Description
SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sandisk | Cruzer Enterprise Usb | All versions |
Related Weaknesses (CWE)
References
- http://www.sandisk.com/business-solutions/enterprise/technical-support/security-Vendor Advisory
- http://www.securityfocus.com/bid/37677
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
- http://www.vupen.com/english/advisories/2010/0078
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
- http://www.sandisk.com/business-solutions/enterprise/technical-support/security-Vendor Advisory
- http://www.securityfocus.com/bid/37677
- http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_k
- http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
- http://www.vupen.com/english/advisories/2010/0078
- https://www.ironkey.com/usb-flash-drive-flaw-exposed
FAQ
What is CVE-2010-0226?
CVE-2010-0226 is a vulnerability with a CVSS score of 4.6 (MEDIUM). SanDisk Cruzer Enterprise USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captur...
How severe is CVE-2010-0226?
CVE-2010-0226 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0226?
Check the references section above for vendor advisories and patch information. Affected products include: Sandisk Cruzer Enterprise Usb.