CVE-2010-0222 - OpenCVE

Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kingston	Datatraveler Blackbox Datatraveler Elite Datatraveler Secure

Configuration 1 [-]

OR	cpe:2.3:h:kingston:datatraveler_blackbox::::::::
	cpe:2.3:h:kingston:datatraveler_elite:::privacy:::::*
	cpe:2.3:h:kingston:datatraveler_secure:::privacy:::::*

No data.

References

Link	Providers
http://blogs.zdnet.com/hardware/?p=6655
http://it.slashdot.org/story/10/01/05/1734242/
http://news.zdnet.co.uk/security/0%2C1000000189%2C39963327%2C00.htm
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
http://www.kingston.com/driveupdate/
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
http://www.vupen.com/english/advisories/2010/0080
https://www.ironkey.com/usb-flash-drive-flaw-exposed

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-07T19:00:00

Updated: 2024-08-07T00:45:10.665Z

Reserved: 2010-01-07T00:00:00

Link: CVE-2010-0222

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-01-07T19:30:00.497

Modified: 2023-11-07T02:05:01.770

Link: CVE-2010-0222

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-03-26T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.kingston.com/driveupdate/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"tags": ["x_refsource_MISC"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"tags": ["x_refsource_MISC"], "url": "http://news.zdnet.co.uk/security/0%2C1000000189%2C39963327%2C00.htm"}, {"tags": ["x_refsource_MISC"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"tags": ["x_refsource_MISC"], "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf"}, {"name": "ADV-2010-0080", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0080"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0222", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.kingston.com/driveupdate/", "refsource": "MISC", "url": "http://www.kingston.com/driveupdate/"}, {"name": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9", "refsource": "MISC", "url": "http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9"}, {"name": "http://it.slashdot.org/story/10/01/05/1734242/", "refsource": "MISC", "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"name": "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm", "refsource": "MISC", "url": "http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm"}, {"name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", "refsource": "MISC", "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"name": "http://blogs.zdnet.com/hardware/?p=6655", "refsource": "MISC", "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"name": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf", "refsource": "MISC", "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf"}, {"name": "ADV-2010-0080", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0080"}, {"name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "refsource": "MISC", "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:10.665Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.kingston.com/driveupdate/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://news.zdnet.co.uk/security/0%2C1000000189%2C39963327%2C00.htm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf"}, {"name": "ADV-2010-0080", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0080"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0222", "datePublished": "2010-01-07T19:00:00", "dateReserved": "2010-01-07T00:00:00", "dateUpdated": "2024-08-07T00:45:10.665Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:kingston:datatraveler_blackbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBB91653-9096-47B8-9238-3F11F70979F6", "vulnerable": true}, {"criteria": "cpe:2.3:h:kingston:datatraveler_elite:*:*:privacy:*:*:*:*:*", "matchCriteriaId": "6EC727F1-07ED-4FA1-B7F9-3F0499ABE62A", "vulnerable": true}, {"criteria": "cpe:2.3:h:kingston:datatraveler_secure:*:*:privacy:*:*:*:*:*", "matchCriteriaId": "6B7C3258-1FD3-490C-85A3-42EA85AB2664", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key."}, {"lang": "es", "value": "Los dispositivos USB Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), y DataTraveler Elite Privacy Edition (DTEP), emplean una clave de 256 bit para obtener acceso a los contenidos del dispositivo, lo que facilita a atacantes cercanos f\u00edsicamente, leer o modificar los datos empleando esta clave."}], "id": "CVE-2010-0222", "lastModified": "2023-11-07T02:05:01.770", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-01-07T19:30:00.497", "references": [{"source": "cve@mitre.org", "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"source": "cve@mitre.org", "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"source": "cve@mitre.org", "url": "http://news.zdnet.co.uk/security/0%2C1000000189%2C39963327%2C00.htm"}, {"source": "cve@mitre.org", "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kingston.com/driveupdate/"}, {"source": "cve@mitre.org", "url": "http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf"}, {"source": "cve@mitre.org", "url": "http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2010/0080"}, {"source": "cve@mitre.org", "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}