Showing 1 - 1 of 1

CVE-2023-40660

Status Candidate

Overview

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

Related Files

Red Hat Security Advisory 2023-7876-03: Posted Dec 20, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7876-03 - An update for opensc is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.; tags | advisory, bypass; systems | linux, redhat; advisories | CVE-2023-40660; SHA-256 | e166f025c98c78bc231527d657dc8d681065b9f4b2220116fa85d72d3953db7f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 237 files
Ubuntu 88 files
indoushka 67 files
Jasper Nota 25 files
Willem Westerhof 19 files
Gentoo 18 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,093)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,547)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,665)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,473)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,730)
UNIX (9,433)
UnixWare (187)
Windows (6,671)
Other

CVE-2023-40660

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems