You can find detailed information here on upgrading your installation and migrating the SecureAccess Vault to the new PrivateAccess Vault. The flaw ( CVE-2021-36750) stemming from the key derivation function issues presented above has been addressed with the release of SanDisk PrivateAccess Version 6.3.5, which now uses PBKDF2-SHA256 together with a randomly generated salt. "The software also made use of a password hash with insufficient computational effort that would allow an attacker to brute force user passwords leading to unauthorized access to user data." "SanDisk SecureAccess 3.02 was using a one-way cryptographic hash with a predictable salt making it vulnerable to dictionary attacks by a malicious user," Western Digital explained in a security advisory issued Wednesday. SanDisk SecureAccess (now rebranded to SanDisk PrivateAccess) allows storing and protecting sensitive files on SanDisk USB flash drives. Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users' protected files.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |