September 27, 2023

Western Digital has released updates for its SanDisk SecureAccess software to fix multiple vulnerabilities that can be exploited to access user data by carrying out brute force and dictionary attacks.

Advertisements

The SanDisk Secure Access software, rebranded as SanDisk Private Access, allows storing and protecting critical and sensitive files on SanDisk USB flash drives. The access to user’s private vault is protected by a personal password, and all the files are automatically encrypted.

SanDisk SecureAccess version 3.02 was using a one-way cryptographic hash with a predictable salt, This means that the software is vulnerable to dictionary attacks. The software also uses a password hash with insufficient computational effort, as a consequence, an attacker can brute force user passwords leading to unauthorized access to user data.

The vulnerabilities, tracked as CVE-2021-36750 , were discovered by researcher Sylvain Pelissier. Western Digital addressed the issue with the release of SanDisk PrivateAccess version 6.3.5.

Advertisements

Earlier this year, WD warned customers that attacks targeting some of its older NAS devices involved the exploitation of a zero day vulnerability. Threat actors had targeted My Book Live and My Book Live Duo devices and reset them to factory settings.

Tags:

Leave a Reply

You may have missed

BORN Canada latest victim of MoveIT data breach

September 27, 2023

Hardware Supply Chain Risk Assessment from CISA

September 27, 2023

Sony attack – Ransomed.vc claims responsibility

September 26, 2023

Chrome Zeroday – CVE-2023-4863 PoC Exploit Released

September 25, 2023

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023
%d bloggers like this: