Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for keypad_secure_usb_3.2_gen_1_firmware by verbatim

    CVE-2022-28386 (GCVE-0-2022-28386)

    Vulnerability from nvd – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:14.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt"
              },
              {
                "name": "20220610 [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/11"
              },
              {
                "name": "20220610 [SYSS-2022-008]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt"
              },
              {
                "name": "20221008 [SYSS-2022-046]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt"
            },
            {
              "name": "20220610 [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/11"
            },
            {
              "name": "20220610 [SYSS-2022-008]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/20"
            },
            {
              "url": "http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt"
            },
            {
              "name": "20221008 [SYSS-2022-046]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/6"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28386",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:14.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28384 (GCVE-0-2022-28384)

    Vulnerability from nvd – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:14.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.txt"
              },
              {
                "name": "20220610 [SYSS-2022-005]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/17"
              },
              {
                "name": "20220610 [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Cryptography-Issue.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt"
              },
              {
                "name": "20221008 [SYSS-2022-043]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.txt"
            },
            {
              "name": "20220610 [SYSS-2022-005]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/17"
            },
            {
              "name": "20220610 [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/8"
            },
            {
              "url": "http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Cryptography-Issue.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt"
            },
            {
              "name": "20221008 [SYSS-2022-043]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/3"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28384",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:14.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28383 (GCVE-0-2022-28383)

    Vulnerability from nvd – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:15.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-003.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-007.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-011.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-016.txt"
              },
              {
                "name": "20220610 [SYSS-2022-007]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/19"
              },
              {
                "name": "20220610 [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/25"
              },
              {
                "name": "20220610 [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/10"
              },
              {
                "name": "20220610 [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167482/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Missing-Control.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167508/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Missing-Trust.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167535/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Missing-Trust.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167539/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Missing-Trust.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-045.txt"
              },
              {
                "name": "20221008 [SYSS-2022-045]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-003.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-007.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-011.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-016.txt"
            },
            {
              "name": "20220610 [SYSS-2022-007]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/19"
            },
            {
              "name": "20220610 [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/25"
            },
            {
              "name": "20220610 [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/10"
            },
            {
              "name": "20220610 [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/12"
            },
            {
              "url": "http://packetstormsecurity.com/files/167482/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Missing-Control.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167508/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Missing-Trust.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167535/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Missing-Trust.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167539/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Missing-Trust.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-045.txt"
            },
            {
              "name": "20221008 [SYSS-2022-045]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/5"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28383",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:15.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28382 (GCVE-0-2022-28382)

    Vulnerability from nvd – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:14.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt"
              },
              {
                "name": "20220610 [SYSS-2022-006]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/18"
              },
              {
                "name": "20220610 [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/22"
              },
              {
                "name": "20220610 [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/9"
              },
              {
                "name": "20220610 [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt"
              },
              {
                "name": "20221008 [SYSS-2022-044]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt"
            },
            {
              "name": "20220610 [SYSS-2022-006]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/18"
            },
            {
              "name": "20220610 [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/22"
            },
            {
              "name": "20220610 [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/9"
            },
            {
              "name": "20220610 [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/24"
            },
            {
              "url": "http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt"
            },
            {
              "name": "20221008 [SYSS-2022-044]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28382",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:14.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28382 (GCVE-0-2022-28382)

    Vulnerability from cvelistv5 – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:14.945Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt"
              },
              {
                "name": "20220610 [SYSS-2022-006]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/18"
              },
              {
                "name": "20220610 [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/22"
              },
              {
                "name": "20220610 [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/9"
              },
              {
                "name": "20220610 [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt"
              },
              {
                "name": "20221008 [SYSS-2022-044]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/4"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt"
            },
            {
              "name": "20220610 [SYSS-2022-006]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/18"
            },
            {
              "name": "20220610 [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/22"
            },
            {
              "name": "20220610 [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/9"
            },
            {
              "name": "20220610 [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/24"
            },
            {
              "url": "http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt"
            },
            {
              "name": "20221008 [SYSS-2022-044]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/4"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28382",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:14.945Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28383 (GCVE-0-2022-28383)

    Vulnerability from cvelistv5 – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:15.115Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-003.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-007.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-011.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-016.txt"
              },
              {
                "name": "20220610 [SYSS-2022-007]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/19"
              },
              {
                "name": "20220610 [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/25"
              },
              {
                "name": "20220610 [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/10"
              },
              {
                "name": "20220610 [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/12"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167482/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Missing-Control.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167508/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Missing-Trust.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167535/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Missing-Trust.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167539/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Missing-Trust.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-045.txt"
              },
              {
                "name": "20221008 [SYSS-2022-045]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-003.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-007.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-011.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-016.txt"
            },
            {
              "name": "20220610 [SYSS-2022-007]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/19"
            },
            {
              "name": "20220610 [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/25"
            },
            {
              "name": "20220610 [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/10"
            },
            {
              "name": "20220610 [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/12"
            },
            {
              "url": "http://packetstormsecurity.com/files/167482/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Missing-Control.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167508/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Missing-Trust.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167535/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Missing-Trust.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167539/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Missing-Trust.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-045.txt"
            },
            {
              "name": "20221008 [SYSS-2022-045]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/5"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28383",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:15.115Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28384 (GCVE-0-2022-28384)

    Vulnerability from cvelistv5 – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:14.937Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.txt"
              },
              {
                "name": "20220610 [SYSS-2022-005]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/17"
              },
              {
                "name": "20220610 [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/8"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Cryptography-Issue.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt"
              },
              {
                "name": "20221008 [SYSS-2022-043]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.txt"
            },
            {
              "name": "20220610 [SYSS-2022-005]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/17"
            },
            {
              "name": "20220610 [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/8"
            },
            {
              "url": "http://packetstormsecurity.com/files/167481/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Cryptography-Issue.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167499/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt"
            },
            {
              "name": "20221008 [SYSS-2022-043]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/3"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28384",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:14.937Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-28386 (GCVE-0-2022-28386)

    Vulnerability from cvelistv5 – Published: 2022-06-08 00:00 – Updated: 2024-08-03 05:56
    VLAI
    Summary
    An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:56:14.917Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt"
              },
              {
                "name": "20220610 [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/11"
              },
              {
                "name": "20220610 [SYSS-2022-008]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jun/20"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt"
              },
              {
                "name": "20221008 [SYSS-2022-046]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Oct/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store \u0027n\u0027 Go Secure Portable HDD GD25LK01-3637-C VER4.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt"
            },
            {
              "name": "20220610 [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/11"
            },
            {
              "name": "20220610 [SYSS-2022-008]: Verbatim Store \u0027n\u0027 Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jun/20"
            },
            {
              "url": "http://packetstormsecurity.com/files/167509/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Behavior-Violation.html"
            },
            {
              "url": "http://packetstormsecurity.com/files/167492/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-Passcode-Retry.html"
            },
            {
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt"
            },
            {
              "name": "20221008 [SYSS-2022-046]: Verbatim Store \u0027n\u0027 Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Oct/6"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-28386",
        "datePublished": "2022-06-08T00:00:00.000Z",
        "dateReserved": "2022-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-03T05:56:14.917Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }