Vulnerabilities (CVE)

Filtered by vendor Nitrokey Subscribe
Filtered by product Fido2 Firmware
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27208 2 Nitrokey, Solokeys 6 Fido2, Fido2 Firmware, Solo and 3 more 2024-02-04 4.6 MEDIUM 6.8 MEDIUM
The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.