Back to search
CVE-2020-12061
Published: May 21, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/Nitrokey/nitrokey-fido-u2f-firmware/releases
x_refsource_MISC
https://eprint.iacr.org/2021/640.pdf
x_refsource_MISC
https://cwe.mitre.org/data/definitions/523.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now