CVE-2010-0227 - Vulnerability Details - OpenCVE

Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Verbatim	Corporate Secure

Configuration 1 [-]

OR	cpe:2.3:h:verbatim:corporate_secure::::::::
	cpe:2.3:h:verbatim:corporate_secure:::::fips:::*

No data.

References

Link	Providers
http://blogs.zdnet.com/hardware/?p=6655
http://it.slashdot.org/story/10/01/05/1734242/
http://securitytracker.com/id?1023409
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
http://www.verbatim.com/security/security-update.cfm
https://www.ironkey.com/usb-flash-drive-flaw-exposed

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-01-07T19:00:00Z

Updated: 2024-09-16T16:53:29.208Z

Reserved: 2010-01-07T00:00:00Z

Link: CVE-2010-0227

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-01-07T19:30:00.683

Modified: 2025-04-09T00:30:58.490

Link: CVE-2010-0227

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-01-07T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1023409", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1023409"}, {"tags": ["x_refsource_MISC"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.verbatim.com/security/security-update.cfm"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0227", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1023409", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023409"}, {"name": "http://it.slashdot.org/story/10/01/05/1734242/", "refsource": "MISC", "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"name": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html", "refsource": "MISC", "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"name": "http://www.verbatim.com/security/security-update.cfm", "refsource": "MISC", "url": "http://www.verbatim.com/security/security-update.cfm"}, {"name": "http://blogs.zdnet.com/hardware/?p=6655", "refsource": "MISC", "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"name": "https://www.ironkey.com/usb-flash-drive-flaw-exposed", "refsource": "MISC", "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:45:11.713Z"}, "title": "CVE Program Container", "references": [{"name": "1023409", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1023409"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.verbatim.com/security/security-update.cfm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0227", "datePublished": "2010-01-07T19:00:00Z", "dateReserved": "2010-01-07T00:00:00Z", "dateUpdated": "2024-09-16T16:53:29.208Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:verbatim:corporate_secure:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BCF538F-945E-484F-847A-77D148E569FD", "vulnerable": true}, {"criteria": "cpe:2.3:h:verbatim:corporate_secure:*:*:*:*:fips:*:*:*", "matchCriteriaId": "83B755CB-5C9A-424A-AE0D-BA67699C2FCA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program."}, {"lang": "es", "value": "Los dispositivos USB Verbatim Corporate Secure y Corporate Secure FIPS Edition validan las contrase\u00f1as con un programa que se ejecuta en el ordenador anfitri\u00f3n y no en el propio dispositivo, lo que permite a atacantes cercanos f\u00edsicamente, acceder a los contenidos del dispositivo mediante un programa modificado."}], "id": "CVE-2010-0227", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-01-07T19:30:00.683", "references": [{"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1023409"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.verbatim.com/security/security-update.cfm"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://blogs.zdnet.com/hardware/?p=6655"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://it.slashdot.org/story/10/01/05/1734242/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1023409"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.verbatim.com/security/security-update.cfm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.ironkey.com/usb-flash-drive-flaw-exposed"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-255"}], "source": "nvd@nist.gov", "type": "Primary"}]}