NuytsTech Security

CVE-2024-0454

by ·

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.
This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.
Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

More information : https://github.com/advisories/GHSA-w3jx-33qh-77f8

Attack vector : PHYSICAL
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : HIGH
Integrity impact : HIGH
Base score : 6.1
Base severity : MEDIUM
Exploitability score : 0.9
Impact score : 5.2

Tags: