CVE-2009-0655

Lenovo Veriface III - Info Disclosure

Title source: llm

Description

Lenovo Veriface III allows physically proximate attackers to login to a Windows account by presenting a "plain image" of the authorized user.

References (6)

[Various Sources] http://www.blackhat.com/html/bh-dc-09/bh-dc-09-archives.html#Nguyen

[Exploit] http://security.bkis.vn/?p=292

[Exploit] http://www.blackhat.com/presentations/bh-dc-09/Nguyen/BlackHat-DC-09-Nguyen-Face-not-your-password.pdf

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48961

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/498997

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/32700

Scores

EPSS 0.0007

EPSS Percentile 21.4%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

lenovo/veriface

Timeline

Published Feb 20, 2009

Tracked Since Feb 18, 2026