QwikSec

Security Database

CVE

CWE

Training

CVE-2022-28387

Published: Jun 8, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt

x_refsource_MISC

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt

x_refsource_MISC

20220610 [SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

mailing-list

x_refsource_FULLDISC

20220610 [SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

mailing-list

x_refsource_FULLDISC

http://packetstormsecurity.com/files/167527/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html

x_refsource_MISC

http://packetstormsecurity.com/files/167531/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.