CVE-2022-28382
📋 TL;DR
This CVE describes a cryptographic weakness in several Verbatim encrypted storage drives: the AES-256 encryption is applied in ECB (Electronic Codebook) mode instead of a secure mode such as CBC, XTS, or GCM. Because ECB encrypts each 16-byte block independently, identical plaintext blocks produce identical ciphertext blocks, so an attacker with access to the encrypted data can recover structure and patterns without knowing the key, compromising confidentiality even though the data is encrypted. Affected users include anyone using the specific Verbatim encrypted drives listed below.
💻 Affected Systems
- Verbatim Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428
- Verbatim Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0
- Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1
- Verbatim Fingerprint Secure Portable Hard Drive Part Number #53650
📦 What is this software?
Executive Fingerprint Secure SSD Firmware by Verbatim
Fingerprint Secure Portable Hard Drive Firmware by Verbatim
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of encrypted data confidentiality, allowing attackers to reconstruct sensitive files like images, documents, or structured data from encrypted drives without breaking the encryption key.
Likely Case
Partial information leakage where attackers can identify file types, detect patterns, or extract metadata from encrypted data, potentially revealing sensitive information about stored content.
If Mitigated
Limited impact if drives contain only random, unstructured data without repeating patterns, though ECB mode remains cryptographically insecure regardless of data type.
🎯 Exploit Status
Exploitation requires access to encrypted data from the drive. Public proof-of-concept demonstrates pattern analysis on encrypted data. No authentication bypass needed as the vulnerability is in the encryption implementation itself.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: No official vendor advisory found in provided references
Restart Required: No
Instructions:
No firmware patch is available. The only official fix would require hardware replacement with updated drives using secure encryption modes.
🔧 Temporary Workarounds
Use software-based encryption
Disable the drive's hardware encryption and use operating system or third-party software encryption (like BitLocker, VeraCrypt, or LUKS) with secure modes like CBC, XTS, or GCM.
Encrypt data before storage
Encrypt sensitive files individually using strong encryption tools before saving them to the drive, effectively double-encrypting the data.
🧯 If You Can't Patch
- Stop using affected drives for sensitive data and migrate to securely encrypted alternatives
- Implement strict physical security controls and inventory tracking for affected drives
🔍 How to Verify
Check if Vulnerable:
Check the drive model and part number against the affected products list. For technical verification, analyze the encrypted data for repetition: under ECB mode, every identical block-aligned 16-byte plaintext block is encrypted to the same 16-byte ciphertext block, so plaintext with repeating content (zero-filled regions, repeated file headers) produces visibly repeating 16-byte blocks in the ciphertext, whereas a properly chained or tweaked mode would not.
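The repeated-block check described above, as an added defender-side example that is not part of the original advisory or Verbatim's code. It counts duplicate 16-byte blocks in a ciphertext buffer and flags ECB-like behaviour. To run offline it uses a constructed toy block "cipher" (a keyed hash truncated to one block, not AES) to produce ECB and CBC ciphertext of a constructed sample plaintext; the key, IV, sample data and the 5% threshold are assumptions for illustration.

```python
import hashlib
from collections import Counter

BLOCK = 16  # AES block size in bytes; ECB leaks equality at this granularity

def find_repeated_blocks(ciphertext: bytes, block_size: int = BLOCK) -> dict:
    """Count block-aligned ciphertext blocks that occur more than once.

    Under ECB, identical plaintext blocks encrypt to identical ciphertext
    blocks, so a high share of repeated blocks is the tell-tale sign.
    """
    blocks = [ciphertext[i:i + block_size]
              for i in range(0, len(ciphertext) - block_size + 1, block_size)]
    counts = Counter(blocks)
    repeated = sum(n for n in counts.values() if n > 1)
    total = len(blocks)
    return {"blocks": total, "distinct": len(counts), "repeated": repeated,
            "duplicate_ratio": (repeated / total) if total else 0.0}

def looks_like_ecb(ciphertext: bytes, threshold: float = 0.05) -> bool:
    # Assumed threshold: random-looking ciphertext has ~0 repeated blocks.
    return find_repeated_blocks(ciphertext)["duplicate_ratio"] > threshold

# Toy stand-in for a block cipher (NOT AES): keyed hash truncated to one block.
# Only the mode-level property (ECB vs. CBC) matters for this demonstration.
def _toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    return hashlib.sha256(key + block).digest()[:BLOCK]

def _aligned_blocks(plaintext: bytes):
    if len(plaintext) % BLOCK:
        raise ValueError("plaintext must be a multiple of the block size")
    return [plaintext[i:i + BLOCK] for i in range(0, len(plaintext), BLOCK)]

def toy_ecb(key: bytes, plaintext: bytes) -> bytes:
    return b"".join(_toy_block_encrypt(key, b) for b in _aligned_blocks(plaintext))

def toy_cbc(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for blk in _aligned_blocks(plaintext):
        prev = _toy_block_encrypt(key, bytes(a ^ b for a, b in zip(blk, prev)))
        out.append(prev)
    return b"".join(out)

# Constructed sample: 20 zero-filled blocks (like a sparse file) + 16 distinct blocks.
SAMPLE_PLAINTEXT = bytes(BLOCK) * 20 + bytes(range(256))
KEY = b"constructed-key!"   # constructed 16-byte key, illustration only
IV = bytes(BLOCK)           # constructed IV

if __name__ == "__main__":
    for mode, ct in (("ECB", toy_ecb(KEY, SAMPLE_PLAINTEXT)),
                     ("CBC", toy_cbc(KEY, IV, SAMPLE_PLAINTEXT))):
        print(mode, find_repeated_blocks(ct), "ECB-like:", looks_like_ecb(ct))
```

On real data, read a block-aligned slice of the raw device (not the mounted filesystem) into `find_repeated_blocks`; a drive using a secure mode should report a duplicate ratio near zero even for zero-filled regions.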
Check Version:
No standard command - check physical drive labeling for model numbers and part numbers
Verify Fix Applied:
Verify that either 1) the drive has been replaced with a non-vulnerable model, or 2) software encryption is properly implemented and the drive's hardware encryption is disabled; in the second case, a repeated-block analysis of the raw device should no longer show duplicate 16-byte ciphertext blocks for repetitive plaintext.
📡 Detection & Monitoring
Log Indicators:
- No specific log indicators as this is a hardware/firmware vulnerability
Network Indicators:
- Not applicable - this is not a network vulnerability
SIEM Query:
Not applicable for this hardware-based vulnerability
🔗 References
- http://packetstormsecurity.com/files/167491/Verbatim-Keypad-Secure-USB-3.2-Gen-1-Drive-ECB-Issue.html
- http://packetstormsecurity.com/files/167500/Verbatim-Store-N-Go-Secure-Portable-HDD-GD25LK01-3637-C-VER4.0-Risky-Crypto.html
- http://packetstormsecurity.com/files/167528/Verbatim-Executive-Fingerprint-Secure-SSD-GDMSFE01-INI3637-C-VER1.1-Risky-Crypto.html
- http://packetstormsecurity.com/files/167532/Verbatim-Fingerprint-Secure-Portable-Hard-Drive-53650-Risky-Crypto.html
- http://seclists.org/fulldisclosure/2022/Jun/18
- http://seclists.org/fulldisclosure/2022/Jun/22
- http://seclists.org/fulldisclosure/2022/Jun/24
- http://seclists.org/fulldisclosure/2022/Jun/9
- http://seclists.org/fulldisclosure/2022/Oct/4
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
- https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt