-
Notifications
You must be signed in to change notification settings - Fork 50
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Adding Recovery of Disk Contains Sensitive Material
- Loading branch information
Showing
1 changed file
with
21 additions
and
0 deletions.
There are no files selected for viewing
21 changes: 21 additions & 0 deletions
21
...n/insecure_os_firmware/recovery_of_disk_contains_sensitive_material/template.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# Recovery of Disk Contains Sensitive Material | ||
|
||
## Overview of the Vulnerability | ||
|
||
The device's storage medium fails to adequately delete data when a factory reset is performed due to a flaw in the process. An attacker with access to the storage medium post-reset can recover and exploit the sensitive information. | ||
|
||
## Business Impact | ||
|
||
The incomplete deletion of sensitive data during a factory reset poses a substantial risk of data breaches. If exploited, this vulnerability can lead to the unauthorized disclosure of confidential information, undermining customer trust and violating privacy regulations. The consequent legal, financial, and reputational damages can significantly impact the organization's standing and operations. | ||
|
||
## Steps to Reproduce | ||
|
||
1. Perform a factory reset on the device to initiate the data removal process. | ||
2. Access the storage medium of the device after the reset. | ||
3. Use {{tool}} to retrieve previously stored sensitive information. | ||
|
||
## Proof of Concept (PoC) | ||
|
||
The following screenshot(s) demonstrate(s) this vulnerability: | ||
|
||
{{screenshot}} |