CVE-2024-1578
📋 TL;DR
A firmware fault in MiCard PLUS card readers causes random character drops during ID card reads, potentially assigning wrong card numbers during self-registration. This compromises ID card uniqueness and can cause failed logins for end-users. Organizations using rf IDEAS/NT-ware MiCard PLUS readers with ID card self-registration are affected.
💻 Affected Systems
- MiCard PLUS Ci
- MiCard PLUS BLE
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Multiple users get assigned duplicate ID card numbers, allowing unauthorized access through credential confusion or privilege escalation if card numbers are tied to permissions.
Likely Case
Intermittent login failures for legitimate users due to mismatched card numbers, causing helpdesk burden and user frustration.
If Mitigated
Minor operational disruption with occasional failed authentications that require manual intervention.
🎯 Exploit Status
Exploitation requires physical access to card readers and depends on random character drop occurrences. Not a targeted attack but a reliability issue that creates security implications.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check vendor advisory for specific firmware versions
Vendor Advisory: https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters
Restart Required: Yes
Instructions:
1. Check the current firmware version on the MiCard PLUS readers.
2. Download the updated firmware from the vendor.
3. Apply the firmware update following the vendor's instructions.
4. Reboot the readers after the update.
5. Verify the fix by testing card reads.
🔧 Temporary Workarounds
Disable ID Card Self-Registration
Turn off the self-registration function to prevent wrong card number assignments.
Consult device configuration manual for specific commands
Implement Manual Registration
Use administrative tools to manually register ID cards instead of self-registration.
🧯 If You Can't Patch
- Disable ID card self-registration function entirely
- Implement secondary authentication factor to compensate for potential card read errors
🔍 How to Verify
Check if Vulnerable:
Check if using MiCard PLUS Ci or BLE readers with ID card self-registration enabled. Test multiple card reads to observe character drops.
Check Version:
Consult device documentation for firmware check command (typically through device management interface)
Verify Fix Applied:
After firmware update, perform multiple test card reads and verify all characters are consistently captured. Check firmware version matches patched version.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts from same user
- Authentication logs showing inconsistent card numbers
- User complaints about card readers not working consistently
Network Indicators:
- Increased authentication failure rates from card reader systems
SIEM Query:
source="card_reader_logs" AND (event="authentication_failure" OR event="card_read_error") | stats count by user, card_number
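The log indicators above can also be checked offline. The following is an added example, not code from the advisory or the vendor: it assumes a constructed key=value authentication log format and flags users whose recorded card numbers differ by exactly one dropped character (the fault pattern this CVE describes), as well as card numbers that appear under more than one user.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample log lines; the key=value layout is an assumption, not a real reader format.
SAMPLE_LOG = """\
2024-03-01T08:01:12 user=alice event=card_read card_number=0012345678
2024-03-01T08:01:15 user=alice event=authentication_failure card_number=001234578
2024-03-01T08:02:40 user=alice event=card_read card_number=0012345678
2024-03-02T09:10:03 user=bob event=card_read card_number=0098765432
2024-03-02T09:10:05 user=bob event=authentication_failure card_number=009876543
2024-03-03T07:55:00 user=carol event=card_read card_number=0012345678
"""

LINE_RE = re.compile(r"user=(?P<user>\S+) event=(?P<event>\S+) card_number=(?P<card>\d+)")


def is_dropped_char(short, long):
    """True if `short` equals `long` with exactly one character removed."""
    if len(long) != len(short) + 1:
        return False
    return any(long[:i] + long[i + 1:] == short for i in range(len(long)))


def analyze(log_text):
    """Return users showing a dropped-character read and cards shared by several users."""
    cards_by_user = defaultdict(set)
    users_by_card = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not carry a card read
        cards_by_user[m["user"]].add(m["card"])
        users_by_card[m["card"]].add(m["user"])

    findings = {"dropped_char_users": [], "duplicate_cards": []}
    for user, cards in cards_by_user.items():
        # shorter card number first, so `a` is the candidate truncated read of `b`
        for a, b in combinations(sorted(cards, key=len), 2):
            if is_dropped_char(a, b):
                findings["dropped_char_users"].append((user, b, a))
    for card, users in users_by_card.items():
        if len(users) > 1:  # one card number registered to several users
            findings["duplicate_cards"].append((card, sorted(users)))
    return findings


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A hit in `dropped_char_users` is a reader-side reliability signal worth correlating with the firmware version; a hit in `duplicate_cards` means uniqueness has already been lost and the affected registrations need manual review.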