An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.
References
| Link | Resource |
|---|---|
| https://github.com/sungjungk/fp-scanner-hacking | Exploit Third Party Advisory |
| https://www.youtube.com/watch?v=Grirez2xeas | Exploit Third Party Advisory |
| https://www.youtube.com/watch?v=wEXJDyEOatM | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
13 Sep 2021, 11:20
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:crossmatch:digital_persona_u.are.u_4500_driver_firmware:5.0.0.5:*:*:*:*:*:*:* |
cpe:2.3:h:hidglobal:digital_persona_u.are.u_4500:-:*:*:*:*:*:*:* cpe:2.3:o:hidglobal:digital_persona_u.are.u_4500_driver_firmware:5.0.0.5:*:*:*:*:*:*:* |
| CWE |
Information
Published : 2019-07-16 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-13603
Mitre link : CVE-2019-13603
CVE.ORG link : CVE-2019-13603
JSON object : View
Products Affected
hidglobal
- digital_persona_u.are.u_4500_driver_firmware
- digital_persona_u.are.u_4500
CWE
CWE-330
Use of Insufficiently Random Values