Dec 10, 2021

SanDisk SecureAccess bug allows brute forcing vault passwords

Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users’ protected files.
SanDisk SecureAccess (now rebranded to SanDisk PrivateAccess) allows storing and protecting sensitive files on SanDisk USB flash drives.
“SanDisk SecureAccess 3.02 was using a one-way cryptographic hash with a predictable salt making it vulnerable to dictionary attacks by a malicious user,” Western Digital explained in a security advisory issued Wednesday.
“The software also made use of a password hash with insufficient computational effort that would allow an attacker to brute force user passwords leading to unauthorized access to user data.”
The flaw (CVE-2021-36750) stemming from the key derivation function issues presented above has been addressed with the release of SanDisk PrivateAccess Version 6.3.5, which now uses PBKDF2-SHA256 together with a randomly generated salt.
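The difference between the two designs described in the advisory can be seen in a short sketch. This is an added example, not code from SanDisk or Western Digital: the fixed salt, the single SHA-256 pass used for the weak case, the iteration count, the salt length and all function names are assumptions, since the advisory names only PBKDF2-SHA256 and a randomly generated salt.

```python
import hashlib
import hmac
import os

# Assumed parameters: the advisory gives no iteration count or salt length.
ITERATIONS = 600_000
SALT_LEN = 16
FIXED_SALT = b"vault"  # constructed stand-in for a predictable salt


def weak_hash(password):
    """Weak pattern: one fast hash pass over a predictable salt."""
    return hashlib.sha256(FIXED_SALT + password.encode("utf-8")).digest()


def derive_key(password, salt, iterations=ITERATIONS):
    """Hardened pattern: PBKDF2-HMAC-SHA256 with a caller-supplied salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_record(password):
    """Build a verifier record with a fresh random salt for each vault."""
    salt = os.urandom(SALT_LEN)
    return {"salt": salt, "iterations": ITERATIONS,
            "key": derive_key(password, salt)}


def verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    candidate = derive_key(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["key"])


def same_password_collides():
    """Return (weak_collides, hardened_collides) for two vaults sharing a password."""
    pw = "correct horse battery staple"  # constructed sample password
    first, second = create_record(pw), create_record(pw)
    # A predictable salt gives every vault the same hash for the same password,
    # so one precomputed dictionary applies to all of them.
    return weak_hash(pw) == weak_hash(pw), first["key"] == second["key"]


if __name__ == "__main__":
    weak, hardened = same_password_collides()
    print("predictable salt, identical hashes:", weak)
    print("random salt, identical keys:", hardened)
```

The salt and iteration count are stored next to the derived key so the verifier can be recomputed later and the work factor raised without changing the record format.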
You can find detailed information here on upgrading your installation and migrating the SecureAccess Vault to the new PrivateAccess Vault.
This requires updating the iXpand Drive mobile app and the Windows and macOS Desktop to the latest released versions.
“We urge our customers to install this software update immediately to keep their vaults secure,” Western Digital added.
“As with any upgrade, it is best to back up your data before installing the upgrade. Back up your data using the built-in Backup function in the Tools menu.”
In related news, Western Digital confirmed a speed-crippling SN550 SSD flash change in August (with write speed decreases of up to 50%) after replacing the NAND flash memory in the WD Blue SN550, one of its most popular M.2 NVMe SSD models.
While it failed to alert customers of the change, the company said that, in the future, it would also introduce new model numbers when making hardware changes impacting its products’ performance.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved