CVE-2019-13603
MEDIUM
HID Global DigitalPersona <5.0.0.5 - Info Disclosure
Title source: llm
Description
An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. The driver uses a statically coded initialization vector to encrypt a user's fingerprint image, which results in weak encryption of that image. Combined with retrieval of an encrypted fingerprint image and the encryption key (through another vulnerability), this allows an attacker to obtain a user's fingerprint image.
References (3)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/sungjungk/fp-scanner-hacking
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=wEXJDyEOatM
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=Grirez2xeas
Scores
CVSS v3: 5.9
EPSS: 0.0029
EPSS Percentile: 52.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE: CWE-330
Status: published
Products (1): hidglobal/digital_persona_u.are.u_4500_driver_firmware 5.0.0.5
Published: Jul 16, 2019
Tracked Since: Feb 18, 2026