Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds

A critical flaw in how Dell stores BIOS administrator and user passwords allows full password recovery from a flash dump in milliseconds, with no brute force required. The vulnerability, tracked as CVE-2026-40639 (DSA-2026-197), stems from a broken XOR encryption scheme rather than a proper cryptographic hash. Dell stores BIOS passwords in the DVAR (Dell Variable) […]

The post Dell BIOS Flaw Lets Attackers Recover Admin Passwords From SPI Flash in Milliseconds appeared first on Cyber Security News.

This article has been indexed from Cyber Security News

Read the original article: