Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money. The account balance is stored on an insecure MiFare Classic NFC card and can be read and written back. By carefully observing changes in card dumps, one can identify fields that store the cash value of the card. Additionally, a checksum can be identified, which is created by XOR-ing the cash and an unknown field with a certain value. By updating the fields accordingly, arbitrary amounts of money can be loaded onto the card (up to $655,35) to pay for goods.
CVSS Information
N/A
Vulnerability Type
敏感信息的不安全存储
Vulnerability Title
KioSoft Stored Value Unattended Payment Solutions 安全漏洞
Vulnerability Description
KioSoft Stored Value Unattended Payment Solutions是美国KioSoft公司的一款自助支付解决方案。 KioSoft Stored Value Unattended Payment Solutions存在安全漏洞,该漏洞源于使用不安全的MiFare Classic NFC卡存储账户余额,可能导致攻击者修改卡内余额并生成资金。
CVSS Information
N/A
Vulnerability Type
N/A