Showing 1 - 1 of 1

CVE-2023-40660

Status Candidate

Overview

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

Related Files

Red Hat Security Advisory 2023-7876-03: Posted Dec 20, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7876-03 - An update for opensc is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat; advisories | CVE-2023-40660; SHA-256 | e166f025c98c78bc231527d657dc8d681065b9f4b2220116fa85d72d3953db7f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 55 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
nu11secur1ty 4 files
Adam Gowdiak 4 files
Ahmet Umit Bayram 3 files
liquidsky 3 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,619)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,770)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,499)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

CVE-2023-40660

Overview

Related Files

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems