CVE-2016-1919

MEDIUM

Samsung KNOX 1.0 - Info Disclosure

Title source: llm

Description

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.

References (4)

[Mailing List, Third Party Advisory] http://lists.openwall.net/bugtraq/2016/01/17/2

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/135303/Samsung-KNOX-1.0-Weak-eCryptFS-Key-Generation.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/537319/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/537340/100/0/threaded

Scores

CVSS v3 4.7

EPSS 0.0007

EPSS Percentile 20.2%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-310 CWE-200

Status published

Affected Products (2)

samsung/knox < 1.0

n/a/n/a

Timeline

Published Jan 27, 2017

Tracked Since Feb 18, 2026