CVE-2021-28653
MEDIUMWestern Digital G-Technology ArmorLock NVMe SSD <1.4.1 - Info Discl...
Title source: llmDescription
The iOS and macOS apps before 1.4.1 for the Western Digital G-Technology ArmorLock NVMe SSD store keys insecurely. They choose a non-preferred storage mechanism if the device has Secure Enclave support but lacks biometric authentication hardware.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.westerndigital.com/support/productsecurity/wdc-21003-armorLock-insecure-key-storage-vulnerability
Scores
CVSS v3
6.5
EPSS
0.0089
EPSS Percentile
54.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-922
Status
published
Products (1)
westerndigital/armorlock
< 1.4.1 (2 CPE variants)
Published
Mar 19, 2021
Tracked Since
Feb 18, 2026