CVE-2019-12813 - OpenCVE

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Crossmatch	Digital Persona U.are.u 4500 Digital Persona U.are.u 4500 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:crossmatch:digital_persona_u.are.u_4500_firmware:24:*:*:*:*:*:*:*

cpe:2.3:h:crossmatch:digital_persona_u.are.u_4500:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/sungjungk/fp-scanner-hacking
https://www.youtube.com/watch?v=Grirez2xeas
https://www.youtube.com/watch?v=wEXJDyEOatM

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-06-13T22:25:28

Updated: 2024-08-04T23:32:55.107Z

Reserved: 2019-06-13T00:00:00

Link: CVE-2019-12813

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-06-13T23:29:00.223

Modified: 2021-07-21T11:39:23.747

Link: CVE-2019-12813

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-06-13T22:25:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/sungjungk/fp-scanner-hacking"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=wEXJDyEOatM"}, {"tags": ["x_refsource_MISC"], "url": "https://www.youtube.com/watch?v=Grirez2xeas"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12813", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sungjungk/fp-scanner-hacking", "refsource": "MISC", "url": "https://github.com/sungjungk/fp-scanner-hacking"}, {"name": "https://www.youtube.com/watch?v=wEXJDyEOatM", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=wEXJDyEOatM"}, {"name": "https://www.youtube.com/watch?v=Grirez2xeas", "refsource": "MISC", "url": "https://www.youtube.com/watch?v=Grirez2xeas"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:32:55.107Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sungjungk/fp-scanner-hacking"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=wEXJDyEOatM"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.youtube.com/watch?v=Grirez2xeas"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12813", "datePublished": "2019-06-13T22:25:28", "dateReserved": "2019-06-13T00:00:00", "dateUpdated": "2024-08-04T23:32:55.107Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:crossmatch:digital_persona_u.are.u_4500_firmware:24:*:*:*:*:*:*:*", "matchCriteriaId": "4155CEFD-087C-4980-81DF-A39198503CDA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:crossmatch:digital_persona_u.are.u_4500:-:*:*:*:*:*:*:*", "matchCriteriaId": "EBCFF6B0-DAAF-4E51-972C-5D9EDC540614", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt."}, {"lang": "es", "value": "Se ha descubierto un problema en el Digital persona U.are U 4500 Fingerprint Reader v24. La llave y salt utilizado para alterar la imagen de la huella digital muestra un texto claro cuando el dispositivo del esc\u00e1ner de huellas digitales transfiere una imagen de la huella digital al controlador. Un atacante que olfate\u00e9 una imagen de huella digital cifrada puede descifrar f\u00e1cilmente esa imagen usando la clave y la sa"}], "id": "CVE-2019-12813", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-13T23:29:00.223", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sungjungk/fp-scanner-hacking"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=Grirez2xeas"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.youtube.com/watch?v=wEXJDyEOatM"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}