{"vuid":"VU#395981","idnumber":"395981","name":"Self-encrypting hard drives do not adequately protect data","keywords":["VU#760533"],"overview":"There are multiple vulnerabilities in implementations of ATA Security or TCG Opal Standards in Self-Encrypting Disks  (SEDs), which can allow an attacker to decrypt contents of an encrypted drive.","clean_desc":"CVE-2018-12037 There is no cryptographic relation between the password provided by the end user and the key used for the encryption of user data. This can allow an attacker to access the key without knowing the password provided by the end user,allowing the attacker to decrypt information encrypted with that key. According to National Cyber Security Centre - The Netherlands(NCSC-NL),the following products are affected by CVE-2018-12037: Crucial(Micron)MX100,MX200 and MX300 drives Samsung T3 and T5 portable drives Samsung 840 EVO and 850 EVO drives(In\"ATA high\" mode these devices are vulnerable,In\"TCG\"or\"ATA max\"mode these devices are NOT vulnerable.) CVE-2018-12038 Key information is stored within a wear-leveled storage chip. Wear-leveling does not guarantee that an old copy of updated data is fully removed. If the updated data is written to a new segment,old versions of data may exist in the previous segment for some time after it has been updated(until that previous segment is overwritten). This means that if a key is updated with a new password,the previous version of the key(either unprotected,or with an old password)could be accessible,negating the need to know the updated password. According to NCSC-NL,the following products are affected by CVE-2018-12038: Samsung 840 EVO drives Other products were not reported to have been tested,and similar vulnerabilities may be found in those products.","impact":"These vulnerabilities allow for full recovery of the data without knowledge of any secret, when the attacker has physical access to the drive.","resolution":"Apply patches\nVendors have issued patches to address the vulnerabilities. See the Vendor pages below for additional information.","workarounds":"If patches are not able to be deployed, consider the following workarounds: Do not use drive-based encryption\nUse software-based encryption rather than the hardware-based encryption provided by self-encrypting drives. Additional Information: According to NCSC-NL, BitLocker as bundled with Microsoft Windows relies on hardware full-disk encryption by default if the drive indicates that it can support this. To determine whether BitLocker is using hardware-based encryption or software-based encryption: Run \"manage-bde.exe -status\" in an administrator command prompt. If the \"Encryption Method\" starts with \"Hardware Encryption\", then BitLocker is using the self-encrypting disk's hardware-based encryption implementation. If the \"Encryption Method\" states something other than \"Hardware Encryption\", such as \"AES-128\" or \"XTS AES-256\", then BitLocker is using software-based encryption. BitLocker's default encryption method can be controlled with Group Policy settings. Configure these settings to force BitLocker to use software-based encryption by default. Once these policy settings have been changed, BitLocker needs to be disabled and re-enabled to re-encrypt the drive with software-based encryption (if not already using software-based encryption). Group policy links to control hardware-based BitLocker encryption: Fixed data drives: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd\nOS drives: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd\nRemovable drives: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd","sysaffected":"","thanks":"Thanks to Carlo Meijer and Bernard van Gastel for reporting these vulnerabilities and the National Cyber Security Centre of the Netherlands for leading the coordination of this vulnerability.","author":"This document was written by Trent Novelly and Laurie Tyzenhaus.","public":["https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/","https://www.ru.nl/publish/pages/909282/draft-paper.pdf","https://www.ncsc.nl/dienstverlening/response-op-dreigingen-en-incidenten/beveiligingsadviezen/NCSC-2018-0984+1.00+Meerdere+kwetsbaarheden+ontdekt+in+implementaties+Self-Encrypting+Drives.html","https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180028","https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj679890(v=ws.11)#configure-use-of-hardware-based-encryption-for-fixed-data-drives","https://www.samsung.com/semiconductor/minisite/ssd/support/consumer-notice/","https://www.crucial.com/usa/en/support-ssd-firmware/","https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdefxd","https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hdeosd","https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings#bkmk-hderdd","https://support.lenovo.com/us/en/product_security/LEN-25256","https://www.westerndigital.com/support/productsecurity/wdc-19006-sandisk-x600-sata-ssd"],"cveids":["CVE-2018-12037 ","CVE-2018-12038","CVE-2019-10705","CVE-2019-10706","CVE-2019-10636 ","CVE-2019-11686 "],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2018-10-23T13:27:31Z","publicdate":"2018-11-05T00:00:00Z","datefirstpublished":"2018-11-06T23:20:35Z","dateupdated":"2019-11-14T12:27:31Z","revision":90,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"H","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4.7","cvss_basevector":"AV:L/AC:M/Au:N/C:C/I:N/A:N","cvss_temporalscore":"3.7","cvss_environmentalscore":"4.0449003364224","cvss_environmentalvector":"CDP:ND/TD:M/CR:H/IR:ND/AR:ND","metric":0.0,"vulnote":null}