The flaw affects Western Digital SanDisk SSD Dashboard applications prior to version 2.5.1.0. One of the vulnerabilities arises from the use of an insecure HTTP connection.

Two severe vulnerabilities in the Western Digital and SanDisk SSD Dashboard can allow threat actors to trick users into running arbitrary code on their computers.

Discovered by Trustwave researchers, one of the vulnerabilities is tracked as CVE-2019-13466. The flaw is related to the use of a hard-coded password for protecting the archived customer-generated system and diagnostic reports. Trustwave researchers found the bug after dumping strings from the main binary file, SanDiskSSDDashboard.exe. They found that one of the strings was a hard-coded password used for encrypting report information. The password is the same for every installation. By exploiting the vulnerability, an attacker can intercept the report to read all the sensitive data included in the SSD Dashboard.

The second vulnerability, CVE-2019-13467, is more severe. The flaw exists because the application uses HTTP instead of HTTPS for communication with the SanDisk site. This can allow an attacker to create a rogue hotspot and perform a man-in-the-middle attack. Through the MiTM attack, attackers can serve malicious content instead of the data requested by the app.

“This makes it trivial to attack users running this application in untrusted environments (e.g. Specifically, a malicious user can create a rogue hotspot that the computer will join or launch a man-in-the-middle attack and then serve malicious content instead of the data requested by the app,” said researchers.
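As an added example (not code from Trustwave or Western Digital), a release check in the spirit of the strings dump described above: it extracts ASCII and UTF-16LE strings from a build artifact and reports non-loopback `http://` endpoints, the pattern behind CVE-2019-13467. The sample bytes, hostnames and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Printable runs of 6+ characters, stored as 8-bit ASCII or as UTF-16LE
# (Windows binaries commonly hold strings in both encodings).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
CLEARTEXT_URL = re.compile(r"http://[^\s\"'<>]+", re.IGNORECASE)
LOOPBACK = {"localhost", "127.0.0.1", "::1"}  # not reachable by a network attacker


def extract_strings(data: bytes) -> list[str]:
    """Return printable strings found in a binary blob, in both encodings."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def cleartext_endpoints(data: bytes) -> list[str]:
    """Return sorted, de-duplicated http:// URLs that leave the local host."""
    flagged = set()
    for text in extract_strings(data):
        for url in CLEARTEXT_URL.findall(text):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL: keep it for manual review
                host = None
            if host not in LOOPBACK:
                flagged.add(url)
    return sorted(flagged)


# Constructed sample standing in for a build artifact (not real product data).
SAMPLE = (
    b"MZ\x90\x00\x03"
    + b"http://updates.example.test/manifest.xml"
    + b"\x00\xff\xfe"
    + "http://cdn.example.test/app.exe".encode("utf-16-le")
    + b"\x00\x00\x01"
    + b"https://secure.example.test/ok"
    + b"\x00\x02"
    + b"http://127.0.0.1:8080/status\x00"
)

if __name__ == "__main__":
    for url in cleartext_endpoints(SAMPLE):
        print("cleartext endpoint:", url)
```

Identifiers that are never fetched, such as XML namespace URIs, also match this pattern and need an allowlist when the check gates a real build.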