Seong-Joong Kim

3 exploits Active since Jun 2019
CVE-2019-12813 WRITEUP MEDIUM WORKING POC
Digital Persona U.are.U 4500 Fingerprint Reader v24 - Cleartext Transmission of Sensitive Fingerprint Data
An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.
CVSS 5.9
CVE-2019-13603 WRITEUP MEDIUM WORKING POC
HID Global DigitalPersona <5.0.0.5 - Info Disclosure
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.
CVSS 5.9
CVE-2019-13604 WRITEUP MEDIUM WORKING POC
HID Global DigitalPersona U.are.U 4500 v24 - Biometric Info Leak via Brute-Force
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak.
CVSS 5.9