Published: 13/06/2019 Updated: 21/07/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

An issue exists in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.

Vulnerable Product	Search on Vulmon	Subscribe to Product
crossmatch digital_persona_u.are.u_4500_firmware 24

Multiple Vulnerabilities in UareU 4500 Fingerprint Reader and its Linux/Windows Drivers Cleartext transmission of sensitive information (eg, encryption key) Use of insufficiently random values when generating initialization vector Basic Operation When a user try to use fingerprint authentication, a user might touch a finger on the fingerprint reader device Just after the

CWE-319 https://www.youtube.com/watch?v=wEXJDyEOatM https://www.youtube.com/watch?v=Grirez2xeas https://github.com/sungjungk/fp-scanner-hacking https://nvd.nist.gov https://github.com/sungjungk/fp-scanner-hacking

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-12813

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect