Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.
This issue affects:
Amazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.
Insignia TV with FireOS 7.6.3.3.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Bitdefender
Published: 2023-05-03T12:33:31.872Z
Updated: 2024-08-02T05:49:11.227Z
Reserved: 2023-03-14T09:59:35.119Z
Link: CVE-2023-1385
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-03T13:15:10.290
Modified: 2024-11-21T07:39:04.880
Link: CVE-2023-1385
Redhat
No data.