| |
Podatność CVE-2023-1385
Publikacja: 2023-05-03
Opis: |
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3. |
Typ:
CWE-330 (Use of Insufficiently Random Values)
Referencje: |
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|