CVE-2010-0225

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
References
Link Resource
http://blogs.zdnet.com/hardware/?p=6655 Broken Link
http://it.slashdot.org/story/10/01/05/1734242/ Third Party Advisory
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html Third Party Advisory
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 Vendor Advisory
http://www.securityfocus.com/bid/37677 Third Party Advisory VDB Entry
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf Broken Link
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
http://www.vupen.com/english/advisories/2010/0078 Third Party Advisory
https://www.ironkey.com/usb-flash-drive-flaw-exposed Broken Link
http://blogs.zdnet.com/hardware/?p=6655 Broken Link
http://it.slashdot.org/story/10/01/05/1734242/ Third Party Advisory
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html Third Party Advisory
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 Vendor Advisory
http://www.securityfocus.com/bid/37677 Third Party Advisory VDB Entry
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf Broken Link
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
http://www.vupen.com/english/advisories/2010/0078 Third Party Advisory
https://www.ironkey.com/usb-flash-drive-flaw-exposed Broken Link
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sandisk:cruzer_enterprise:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:11

Type Values Removed Values Added
References () http://blogs.zdnet.com/hardware/?p=6655 - Broken Link () http://blogs.zdnet.com/hardware/?p=6655 - Broken Link
References () http://it.slashdot.org/story/10/01/05/1734242/ - Third Party Advisory () http://it.slashdot.org/story/10/01/05/1734242/ - Third Party Advisory
References () http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html - Third Party Advisory () http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html - Third Party Advisory
References () http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 - Vendor Advisory () http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 - Vendor Advisory
References () http://www.securityfocus.com/bid/37677 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/37677 - Third Party Advisory, VDB Entry
References () http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf - Broken Link () http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf - Broken Link
References () http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9 - () http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9 -
References () http://www.vupen.com/english/advisories/2010/0078 - Third Party Advisory () http://www.vupen.com/english/advisories/2010/0078 - Third Party Advisory
References () https://www.ironkey.com/usb-flash-drive-flaw-exposed - Broken Link () https://www.ironkey.com/usb-flash-drive-flaw-exposed - Broken Link

10 Feb 2022, 17:04

Type Values Removed Values Added
References (MISC) http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9 - (MISC) http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9 - Broken Link
References (MISC) http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf - (MISC) http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf - Broken Link
References (VUPEN) http://www.vupen.com/english/advisories/2010/0078 - (VUPEN) http://www.vupen.com/english/advisories/2010/0078 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/37677 - (BID) http://www.securityfocus.com/bid/37677 - Third Party Advisory, VDB Entry
References (MISC) http://blogs.zdnet.com/hardware/?p=6655 - (MISC) http://blogs.zdnet.com/hardware/?p=6655 - Broken Link
References (MISC) https://www.ironkey.com/usb-flash-drive-flaw-exposed - (MISC) https://www.ironkey.com/usb-flash-drive-flaw-exposed - Broken Link
References (MISC) http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html - (MISC) http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html - Third Party Advisory
References (MISC) http://it.slashdot.org/story/10/01/05/1734242/ - (MISC) http://it.slashdot.org/story/10/01/05/1734242/ - Third Party Advisory
CPE cpe:2.3:h:scandisk:cruzer_enterprise_usb:*:*:*:*:*:*:*:* cpe:2.3:o:sandisk:cruzer_enterprise_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sandisk:cruzer_enterprise:-:*:*:*:*:*:*:*
CWE CWE-310 CWE-312

Information

Published : 2010-01-07 19:30

Updated : 2024-11-21 01:11


NVD link : CVE-2010-0225

Mitre link : CVE-2010-0225

CVE.ORG link : CVE-2010-0225


JSON object : View

Products Affected

sandisk

  • cruzer_enterprise
  • cruzer_enterprise_firmware
CWE
CWE-312

Cleartext Storage of Sensitive Information