cpe:/h:sandisk:cruzer_enterprise_usb CVE-2010-0224 2010-01-07T14:30:00.573-05:00 2018-08-13T17:47:34.947-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-08T10:31:00.000-05:00 SECTRACK 1023408 BID 37677 VUPEN ADV-2010-0078 MISC http://blogs.zdnet.com/hardware/?p=6655 MISC http://it.slashdot.org/story/10/01/05/1734242/ MISC http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html MISC http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009 MISC http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_SanDisk_USB-Stick.pdf MISC http://www.syss.de/index.php?id=108&tx_ttnews[tt_news]=528&cHash=8d16fa63d9 MISC https://www.ironkey.com/usb-flash-drive-flaw-exposed XF sandisk-access-control-sec-bypass(55475) SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program.