Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ShapeShift KeepKey finite state machine 安全漏洞
Vulnerability Description
ShapeShift KeepKey是一款用于加密货币存储的电子钱包设备。 使用6.2.2之前版本固件的ShapeShift KeepKey中的finite state machine存在安全漏洞,该漏洞源于程序没有进行充足地验证。攻击者可借助特制的消息利用该漏洞将部分加密密钥重置成已知值。
CVSS Information
N/A
Vulnerability Type
N/A