CVE-2022-28386 Explained: Impact and Mitigation

Summary: in certain Verbatim drives the lockout security feature fails, allowing more than 20 unlock attempts. Keypad Secure USB and Store 'n' Go Portable HDD are impacted.

An issue was discovered in certain Verbatim drives through 2022-03-31 where the lockout security feature does not work as specified, allowing more than 20 unlock attempts. This affects Keypad Secure USB 3.2 Gen 1 Drive and Store 'n' Go Secure Portable HDD.

Understanding CVE-2022-28386

This CVE identifies a security issue in certain Verbatim drives related to the lockout feature not functioning correctly.

What is CVE-2022-28386?

The lockout feature on affected Verbatim drives does not work as specified: it fails to take effect after 20 unlock attempts, compromising device security.

The Impact of CVE-2022-28386

The vulnerability allows an attacker to perform more than 20 unlock attempts, bypassing the intended security measures.

Technical Details of CVE-2022-28386

This section outlines specific technical details of the CVE.

Vulnerability Description

The security feature intended to lock out the device after a certain number of failed attempts is ineffective, exposing the device to potential unauthorized access.

Affected Systems and Versions

Verbatim Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0 are impacted by this vulnerability.

Exploitation Mechanism

Because the lockout does not take effect, an attacker can keep entering incorrect passcodes or unlock sequences beyond the 20-attempt limit.

Mitigation and Prevention

In this section, we discuss steps to mitigate and prevent exploitation of CVE-2022-28386.

Immediate Steps to Take

Users should be cautious with unlocking attempts and contact Verbatim for potential firmware updates or replacements.

Long-Term Security Practices

Regularly update the device firmware and follow best practices for data security to reduce the risk of unauthorized access.

Patching and Updates

Stay informed about security advisories and apply patches or updates provided by Verbatim to address the security flaw.
