SanDisk SecureAccess Flaw Makes Brute Forcing Vault Passwords

SanDisk SecureAccess Flaw Makes Brute Forcing Vault Passwords

Western Digital has patched a security flaw that allowed hackers to brute force SanDisk SecureAccess credentials and get access to customers’ password-protected contents. SanDisk SecureAccess (formerly known as SanDisk PrivateAccess) is a program that allows you to save and safeguard sensitive data on SanDisk USB flash drives.

According to a security alert provided by Western Digital on Wednesday, SanDisk SecureAccess 3.02 used a one-way cryptographic hash with a predictable salt, leaving it open to dictionary attacks by a hostile user. The program also used a password hash that required too little computing work, allowing an attacker to brute force user passwords and gain unauthorized access to user data.

With the release of SanDisk PrivateAccess Version 6.3.5, which now employs PBKDF2-SHA256 with a randomly generated salt, the weakness (CVE-2021-36750) resulting from the key derivation function concerns described above has been fixed.

By visiting this page, you may get more information on updating your installation and moving your SecureAccess Vault to the new PrivateAccess Vault by visiting this page. This necessitates installing the most recent versions of the iXpand Drive mobile software, as well as the Windows and macOS Desktop.

According to Western Digital, “We urge our customers to install this software update immediately to keep their vaults secure. As with any upgrade, it’s best to back up your data before installing the upgrade. Back up your data using the built-in Backup function in the Tools menu.”

While it neglected to notify customers of the change, the business stated that it would offer new model numbers in the future when making hardware modifications that might affect the performance of its goods.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Share: