CVE-2020-27208

medium

Description

The flash read-out protection (RDP) level is not enforced during the device initialization phase of the SoloKeys Solo 4.0.0 & Somu and the Nitrokey FIDO2 token. This allows an adversary to downgrade the RDP level and access secrets such as private ECC keys from SRAM via the debug interface.

References

https://www.aisec.fraunhofer.de/en/FirmwareProtection.html

https://www.aisec.fraunhofer.de/de/das-institut/wissenschaftliche-exzellenz/security-and-trust-in-open-source-security-tokens.html

https://twitter.com/SoloKeysSec

https://solokeys.com

https://github.com/solokeys/solo/commit/a9c02cd354f34b48195a342c7f524abdef5cbcec

https://eprint.iacr.org/2021/640

Details

Source: Mitre, NVD

Published: 2021-05-21

Updated: 2021-05-28

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.8

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Medium