1. Home
  2. CVE Database
  3. CVE-2021-32033
MEDIUM · 4.6

CVE-2021-32033

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from ...

Vulnerability Description

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
ProtectimusSlim Nfc 70 Firmware10.01
ProtectimusSlim Nfc 70-

Related Weaknesses (CWE)

CWE-335

References

FAQ

What is CVE-2021-32033?

CVE-2021-32033 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from ...

How severe is CVE-2021-32033?

CVE-2021-32033 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32033?

Check the references section above for vendor advisories and patch information. Affected products include: Protectimus Slim Nfc 70 Firmware, Protectimus Slim Nfc 70.