CVE-2010-0225

SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.

Weakness

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/37.html

References

• http://blogs.zdnet.com/hardware/?p=6655
• http://it.slashdot.org/story/10/01/05/1734242/
• http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
• http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
• http://www.securityfocus.com/bid/37677
• http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
• http://www.syss.de/index.php?id=108\u0026tx_ttnews%5Btt_news%5D=528\u0026cHash=8d16fa63d9
• http://www.vupen.com/english/advisories/2010/0078
• https://www.ironkey.com/usb-flash-drive-flaw-exposed
• http://blogs.zdnet.com/hardware/?p=6655
• http://it.slashdot.org/story/10/01/05/1734242/
• http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
• http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
• http://www.securityfocus.com/bid/37677
• http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
• http://www.syss.de/index.php?id=108\u0026tx_ttnews%5Btt_news%5D=528\u0026cHash=8d16fa63d9
• http://www.vupen.com/english/advisories/2010/0078
• https://www.ironkey.com/usb-flash-drive-flaw-exposed