CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-13603

An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.8%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.3

References

https://github.com/sungjungk/fp-scanner-hacking
https://www.youtube.com/watch?v=Grirez2xeas
https://www.youtube.com/watch?v=wEXJDyEOatM
https://github.com/sungjungk/fp-scanner-hacking
https://www.youtube.com/watch?v=Grirez2xeas
https://www.youtube.com/watch?v=wEXJDyEOatM

Products affected by CVE-2019-13603

Hidglobal » Digital Persona U.are.u 4500 » Version: N/A

cpe:2.3:h:hidglobal:digital_persona_u.are.u_4500:-
Hidglobal » Digital Persona U.are.u 4500 Driver Firmware » Version: 5.0.0.5

cpe:2.3:o:hidglobal:digital_persona_u.are.u_4500_driver_firmware:5.0.0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-13603

Products

Pricing

Contact Us