1. NTAG424 Crypto Stack Leak: Sensitive Keys, Nonces, Session Data Never Zeroed After Use
A critical memory-handling flaw in the NTAG424 authentication and communication code leaves sensitive cryptographic material exposed on the stack, creating a direct physical attack vector. The code fails to zero out key material, nonces, and encrypted session data after use, allowing these secrets to persist in memory....