
Dell BIOS Flaw Lets Attackers Recover Passwords From SPI Flash
A newly disclosed critical flaw in how Dell stores BIOS administrator and user passwords allows full recovery of plaintext credentials from a flash dump in milliseconds. Tracked as CVE-2026-40639 (DSA-2026-197), the issue stems from a broken XOR encryption scheme rather than a cryptographic hash. Dell’s DVAR (Dell Variable) region on the SPI flash stores passwords […]
The post Dell BIOS Flaw Lets Attackers Recover Passwords From SPI Flash appeared first on Cyber Security News.