HP Card Readers B Models Information Disclosure Vulnerability
Vulnerability
An information disclosure vulnerability has been identified in HP Card Readers B Models (X3D03B & Y7C05B). Under certain conditions, such as when an NFC device (like a smartphone or smartwatch) is near the card reader during a card swipe, the prior user's identity could be inherited. This vulnerability requires physical access to the card reader and cannot be exploited remotely. Additionally, if cards are set to use Secure Credentials, such as a PIN, this information disclosure scenario does not apply.
Impact
Exploitation of this vulnerability could lead to unauthorized information disclosure, allowing the prior user's identity to be inherited under specific conditions.
Remediation
HP has released a firmware update for the affected card readers. For detailed upgrade instructions, contact HP Support via email at ATS.solutions@hp.com and use the subject line 'Card Reader Bulletin'.
