CVE-2008-2235

Published: Aug 1, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

30473

vdb-entry

x_refsource_BID

31330

third-party-advisory

x_refsource_SECUNIA

34362

third-party-advisory

x_refsource_SECUNIA

MDVSA-2008:183

vendor-advisory

x_refsource_MANDRIVA

http://www.opensc-project.org/security.html

x_refsource_CONFIRM

33115

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2009:004

vendor-advisory

x_refsource_SUSE

31360

third-party-advisory

x_refsource_SECUNIA

FEDORA-2009-2267

vendor-advisory

x_refsource_FEDORA

DSA-1627

vendor-advisory

x_refsource_DEBIAN

[opensc-announce] 20080731 OpenSC Security Vulnerability and new Versions of OpenSC, OpenCT, LibP11, Pam_P11, Engine_PKCS11

mailing-list

x_refsource_MLIST

32099

third-party-advisory

x_refsource_SECUNIA

SUSE-SR:2008:019

vendor-advisory

x_refsource_SUSE

GLSA-200812-09

vendor-advisory

x_refsource_GENTOO

opensc-smartcard-cryptotoken-weak-security(44140)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2008-2235

Description

Affected Products

References