CVE-2010-0225
SanDisk Cruzer Enterprise Firmware - Cleartext Storage of Sensitive Information via Fixed Encryption Key
Title source: llmDescription
SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for obtaining access to the cleartext drive contents, which makes it easier for physically proximate attackers to read or modify data by determining and providing this key.
References (9)
Core 9
Core References
Various Sources x_refsource_misc
http://www.syss.de/index.php?id=108&tx_ttnews%5Btt_news%5D=528&cHash=8d16fa63d9
Vendor Advisory x_refsource_misc
http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009
Third Party Advisory x_refsource_misc
http://it.slashdot.org/story/10/01/05/1734242/
Third Party Advisory x_refsource_misc
http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html
Broken Link x_refsource_misc
http://blogs.zdnet.com/hardware/?p=6655
Broken Link x_refsource_misc
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0078
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37677
Broken Link x_refsource_misc
https://www.ironkey.com/usb-flash-drive-flaw-exposed
Scores
EPSS
0.0028
EPSS Percentile
19.5%
Details
CWE
CWE-312
Status
published
Products (1)
sandisk/cruzer_enterprise_firmware
Published
Jan 07, 2010
Tracked Since
Feb 18, 2026