Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services. This issue affects: Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. Insignia TV with FireOS 7.6.3.3.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Bitdefender

Published: 2023-05-03T12:33:31.872Z

Updated: 2024-08-02T05:49:11.227Z

Reserved: 2023-03-14T09:59:35.119Z

Link: CVE-2023-1385

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-05-03T13:15:10.290

Modified: 2024-11-21T07:39:04.880

Link: CVE-2023-1385

cve-icon Redhat

No data.