Weak eCryptFS Key Generation in Samsung KNOX 1.0 Exposing Sensitive Data
CVE-2016-1919

4.7 MEDIUM

Key Information:

Vendor
Samsung
Status
Vendor
CVE Published: 27 January 2017

Summary

Samsung KNOX 1.0 employs a flawed eCryptFS key generation algorithm, which significantly increases the risk of sensitive information being compromised. Local users may exploit this weakness by leveraging knowledge of the TIMA key to execute brute-force attacks, potentially gaining unauthorized access to encrypted data.

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
