RETIRED: Digipass Go3 Insecure Encryption Vulnerability
BID:21040
Info
RETIRED: Digipass Go3 Insecure Encryption Vulnerability
| Bugtraq ID: | 21040 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 13 2006 12:00AM |
| Updated: | Aug 25 2008 10:45PM |
| Credit: | faypou is credited with the discovery of this vulnerability. |
| Vulnerable: |
Vasco Digipass Go3 |
| Not Vulnerable: | |
Discussion
RETIRED: Digipass Go3 Insecure Encryption Vulnerability
Digipass Go3 is prone to an insecure-encryption vulnerability because the device uses an insecure encryption algorithm to encrypt sensitive data.
An attacker can exploit this issue to brute-force the encryption key and gain access to potentially sensitive data. This may lead to other attacks.
RETIRED: This BID is retired because the vulnerability as described does not exist.
Digipass Go3 is prone to an insecure-encryption vulnerability because the device uses an insecure encryption algorithm to encrypt sensitive data.
An attacker can exploit this issue to brute-force the encryption key and gain access to potentially sensitive data. This may lead to other attacks.
RETIRED: This BID is retired because the vulnerability as described does not exist.
Exploit / POC
RETIRED: Digipass Go3 Insecure Encryption Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
RETIRED: Digipass Go3 Insecure Encryption Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RETIRED: Digipass Go3 Insecure Encryption Vulnerability
References:
References: