ByteOS Network

Vulnerability Details :

CVE-2009-0657

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-20 Feb, 2009 | 19:00

Updated At-07 Aug, 2024 | 04:40

Toshiba Face Recognition 2.0.2.32 allows physically proximate attackers to obtain notebook access by presenting a large number of images for which the viewpoint and lighting have been modified to match a stored image of the authorized notebook user.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:20 Feb, 2009 | 19:00

Updated At:07 Aug, 2024 | 04:40

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf	x_refsource_MISC
http://www.securityfocus.com/archive/1/498997	mailing-list x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/48963	vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/32700	vdb-entry x_refsource_BID
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen	x_refsource_MISC
http://security.bkis.vn/?p=292	x_refsource_MISC

Hyperlink: http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf

Resource:

x_refsource_MISC

Hyperlink: http://www.securityfocus.com/archive/1/498997

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48963

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.securityfocus.com/bid/32700

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen

Resource:

x_refsource_MISC

Hyperlink: http://security.bkis.vn/?p=292

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf	x_refsource_MISC x_transferred
http://www.securityfocus.com/archive/1/498997	mailing-list x_refsource_BUGTRAQ x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/48963	vdb-entry x_refsource_XF x_transferred
http://www.securityfocus.com/bid/32700	vdb-entry x_refsource_BID x_transferred
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen	x_refsource_MISC x_transferred
http://security.bkis.vn/?p=292	x_refsource_MISC x_transferred

Hyperlink: http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/498997

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48963

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.securityfocus.com/bid/32700

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://security.bkis.vn/?p=292

Resource:

x_refsource_MISC

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:20 Feb, 2009 | 19:30

Updated At:17 Aug, 2017 | 01:29

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 6.9

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

toshiba>>face_recognition>>2.0.2.32

cpe:2.3:h:toshiba:face_recognition:2.0.2.32:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-255	Primary	nvd@nist.gov

CWE ID: CWE-255

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://security.bkis.vn/?p=292	cve@mitre.org	N/A
http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen	cve@mitre.org	N/A
http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/498997	cve@mitre.org	N/A
http://www.securityfocus.com/bid/32700	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/48963	cve@mitre.org	N/A

Hyperlink: http://security.bkis.vn/?p=292

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/498997

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/32700

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/48963

Source: cve@mitre.org

Resource: N/A

Similar CVEs

3Records found

CVE-2015-0884

Matching Score-8

Assigner-JPCERT/CC

View Details

Matching Score-8

Assigner-JPCERT/CC

CVSS Score-6.9||MEDIUM

EPSS-0.08% / 25.36%

7 Day CHG~0.00%

Published-28 Feb, 2015 | 02:00

Updated-12 Apr, 2025 | 10:46

Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Vendor-toshiba n/a Microsoft Corporation

Product-windows bluetooth_stack service_station n/a

CVE-2009-0656

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.9||MEDIUM

EPSS-0.06% / 19.77%

7 Day CHG~0.00%

Published-20 Feb, 2009 | 19:00

Updated-07 Aug, 2024 | 04:40

Asus SmartLogon 1.0.0005 allows physically proximate attackers to bypass "security functions" by presenting an image with a modified viewpoint that matches the posture of a stored image of the authorized notebook user.

Vendor-n/a ASUS (ASUSTeK Computer Inc.)

Product-smartlogon n/a

CWE ID-CWE-255

Not Available

CVE-2009-2508

Matching Score-4

Assigner-Microsoft Corporation

View Details

Matching Score-4

Assigner-Microsoft Corporation

CVSS Score-6.9||MEDIUM

EPSS-0.77% / 72.49%

7 Day CHG~0.00%

Published-09 Dec, 2009 | 18:00

Updated-07 Aug, 2024 | 05:52

The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."

Vendor-n/a Microsoft Corporation

Product-windows_server_2003 windows_server_2008 n/a

CWE ID-CWE-255

Not Available

CVE-2009-0657

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs