[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0368Date: (C)2009-03-02   (M)2023-12-22


OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-33922
SECUNIA-34052
SECUNIA-34120
SECUNIA-34362
SECUNIA-34377
SECUNIA-35065
SECUNIA-36074
DSA-1734
FEDORA-2009-2266
FEDORA-2009-2267
GLSA-200908-01
SUSE-SR:2009:010
http://www.opensc-project.org/pipermail/opensc-announce/2009-February/000023.html
http://openwall.com/lists/oss-security/2009/02/26/1
opensc-pkcs-unauth-access(48958)

CWE    1
CWE-310
OVAL    7
oval:org.mitre.oval:def:8385
oval:org.secpod.oval:def:101476
oval:org.secpod.oval:def:300524
oval:org.secpod.oval:def:102103
...

© SecPod Technologies