what you don't know can hurt you


Posted Aug 5, 2004
Authored by HexView

Datakey's tokens and smartcards suffer from a clear text password exposure vulnerability. The communication channel between the token and the driver is not encrypted. A user's PIN can be retrieved using a proxy driver or hardware sniffer. Systems affected: Rainbow iKey2032 USB token and Datakey's up-to-date CIP client package.

tags | advisory
MD5 | eeb3ebb3e6ccc0a53b808eb6a13c65d2


Change Mirror Download
Hash: SHA1

Clear text password exposure in Datakey's tokens and smartcards

Level: [LOW]-med-high-crit
ID: HEXVIEW*2004*08*03*1

Datakey (http://www.datakey.com) delivers smartcard and token-based
authentication and identity management solutions. Datakey's latest
smartcards and USB tokens are based on Philips 5032 cryptoprocessor
running DKCCOS (Datakey Cryptographic Card Operating System). An
implementation flaw makes possible to retrieve user's PIN by sniffing
communication channel between smartcard/token and smartcard driver.

Affected products:
All tests were performed using Rainbow iKey2032 USB token and Datakey's
up-to-date CIP client package. Since the same firmware is also used in
Datakey's 330-series smartcards, all of them are also vulnerable.

Cause and Effect:
The communication channel between the token and the driver is not
encrypted. User's PIN can be retrieved using proxy driver or hardware
sniffer. Retrieved password can later be used by attacker to authenticate
against the token and logon to the system, decrypt confidential
information, or perform other unauthorized activities depending on
what a specific smartcard implementation is used for.
Note that LOW risk level reflects overall industry impact. Since
Datakey's tokens and smartcards are used by many organizations to secure
critical information, the issue may be of much higher concern for some

History Tour:
The vulnerability described in this advisory is not the first and only
problem with Datakey's smartcards. There was an earlier (also resolved)
issue with smartcard driver caching user's PIN in clear text on a local
filesystem. It looks like Datakey may need to send its programmers to
attend some classes on how to write a secure code.

Vendor Status:
Although HexView did not notify the vendor, Datakey was well aware of the
vulnerability and put significant efforts in order to address the issue.
As per reliable source of information, Datakey's new firmware version
encrypts communication channel utilizing Diffie-Hellman to exchange
encryption keys.

Please note that HexView does not notify vendors unless there is a prior
agreement to do so. Vendors interested in receiving notifications prior
to public disclosure or receiving more detailed analysis may obtain
more information by writing to the e-mail address provided at the end
of the document.

About HexView:
HexView contributes to online security-related lists for almost a decade.
The scope of our expertize spreads over Windows, Linux, Sun, MacOS platforms,
network applications, and embedded devices. The chances are you read our
advisories or disclosures. For the sake of readability and easy web indexing
we recently decided to use the HexView alias to publish all the information.

This document may be freely distributed through any channels as long as the
contents are kept unmodified. Commercial use of the information in the document
is not allowed without written permission from HexView signed by our pgp key.

Feedback and comments:
Feedback and questions about this disclosure are welcome at vtalk@hexview.com
Version: GnuPG v1.2.4 (GNU/Linux)



RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    10 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2016 Packet Storm. All rights reserved.

Security Services
Hosting By