CVE-2021-32033

CVE-2021-32033 is a medium-severity vulnerability in Protectimus Slim Nfc 70 Firmware with a CVSS 3.x base score of 4.6. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-335.

Key facts

Description

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.

Frequently asked questions

What is CVE-2021-32033?
Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict TOTP passwords in certain situations. The time value used by the device can be set independently from the used seed value for generating time-based one-time passwords, without authentication. Thus, an attacker with short-time physical access to a device can set the internal real-time clock (RTC) to the future, generate one-time passwords, and reset the clock to the current time. This allows the generation of valid future time-based one-time passwords without having further access to the hardware token.
How severe is CVE-2021-32033?
CVE-2021-32033 has a CVSS 3.x base score of 4.6, rated medium severity. It is exploitable over physical access with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is high, integrity none, and availability none.
Is CVE-2021-32033 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (41st percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2021-32033?
CVE-2021-32033 affects Protectimus Slim Nfc 70 Firmware. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2021-32033?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2021-32033 published?
CVE-2021-32033 was published on 2021-06-16 and last updated on 2026-06-17.

References

Affected products (1)

Other CWE-335 vulnerabilities

Browse all CWE-335 vulnerabilities →