Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may
allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the
template database.
References
Link | Resource |
---|---|
https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf | Vendor Advisory |
Configurations
History
01 Feb 2024, 04:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Synaptics
Synaptics fingerprint Driver |
|
CWE | CWE-798 | |
CPE | cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:* | |
References | () https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf - Vendor Advisory |
29 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-321 |
29 Jan 2024, 14:25
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
27 Jan 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-27 01:15
Updated : 2024-02-01 04:14
NVD link : CVE-2023-6482
Mitre link : CVE-2023-6482
CVE.ORG link : CVE-2023-6482
JSON object : View
Products Affected
synaptics
- fingerprint_driver