Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd genĀ versions prior to 6.2.9.5. Insignia TV with FireOSĀ 7.6.3.3.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-05-03T12:33:31.872Z

Updated: 2024-08-02T05:49:11.227Z

Reserved: 2023-03-14T09:59:35.119Z

Link: CVE-2023-1385

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2023-05-03T13:15:10.290

Modified: 2023-05-12T16:07:46.433

Link: CVE-2023-1385

cve-icon Redhat

No data.