digital_persona_u.are.u_4500

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2019-13603

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-5.9||MEDIUM

EPSS-0.30% / 52.74%

7 Day CHG~0.00%

Published-16 Jul, 2019 | 16:52

Updated-04 Aug, 2024 | 23:57

An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.

Vendor-hidglobal n/a

Product-digital_persona_u.are.u_4500 digital_persona_u.are.u_4500_driver_firmware n/a

CWE ID-CWE-330

Use of Insufficiently Random Values

CVE-2019-12813

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-5.9||MEDIUM

EPSS-0.18% / 39.35%

7 Day CHG~0.00%

Published-13 Jun, 2019 | 22:25

Updated-04 Aug, 2024 | 23:32

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.

Vendor-crossmatch n/a

Product-digital_persona_u.are.u_4500 digital_persona_u.are.u_4500_firmware n/a

CWE ID-CWE-319

Cleartext Transmission of Sensitive Information