First published: Sat Jan 27 2024(Updated: )
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
Credit: PSIRT@synaptics.com
Affected Software | Affected Version | How to fix |
---|---|---|
Synaptics Fingerprint Driver | >=6.0.00.1103<6.0.17.1103 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.