Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an malicious user to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
synaptics fingerprint driver |