| |
Vulnerability CVE-2023-1385
Published: 2023-05-03
Description: |
Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3. |
Type:
CWE-330 (Use of Insufficiently Random Values)
References: |
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-amazon-fire-tv-stick-insignia-fire-os-tv-series/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|