Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Gentoo: GLSA-200812-09 Normal: OpenSC Insufficient PIN Protection

gentoo
Calendar Grey December 10, 2008
Dist Gentoo Esm H88
The recent Gentoo Linux Security Update highlights vulnerabilities in OpenSC related to weak smart card PIN safeguarding, which may result in security breaches.
Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it.

Summary

Gentoo Linux Security Advisory GLSA 200812-09 https://security.gentoo.org/ Severity: Normal Title: OpenSC: Insufficient protection of smart card PIN Date: December 10, 2008 Bugs: #233543 ID: 200812-09

Synopsis ======= Smart cards formatted using OpenSC do not sufficiently protect the PIN, allowing attackers to reset it.
Background ========= OpenSC is a smart card application that allows reading and writing via PKCS#11.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/opensc < 0.11.6 >= 0.11.6
========== Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and U...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory gentoo authentication normal smart card opensc insufficient protection

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Topics%20covered

Topics Covered

security advisory gentoo authentication normal smart card opensc insufficient protection

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here