Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-06-16T11:35:59
Updated: 2024-08-03T23:17:29.385Z
Reserved: 2021-05-05T00:00:00
Link: CVE-2021-32033
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-06-16T12:15:12.693
Modified: 2024-11-21T06:06:45.167
Link: CVE-2021-32033
Redhat
No data.