Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-0454

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Published

2024-01-12T02:15:44.867

Last Modified

2024-11-21T08:46:37.533

Status

Modified

Source

36106deb-8e95-420b-a0a0-e70af5d245df

Severity

CVSSv3.1: 6.0 (MEDIUM)

Weaknesses

Type: Secondary
CWE-290
Type: Primary
CWE-290

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	emc	elan_match-on-chip_fpr_solution_firmware	3.0.12011.08009	Yes
Operating System	emc	elan_match-on-chip_fpr_solution_firmware	3.3.12011.08103	Yes
Hardware	emc	elan_match-on-chip_fpr_solution	-	No

References

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy Not Applicable (36106deb-8e95-420b-a0a0-e70af5d245df)
https://github.com/advisories/GHSA-w3jx-33qh-77f8 Third Party Advisory ([email protected])
https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy Not Applicable (af854a3a-2127-422b-91ae-364da2661108)