ALAS2-2023-2323 --- openscID: oval:org.secpod.oval:def:1701922 | Date: (C)2023-11-24 (M)2024-02-19 |
Class: PATCH | Family: unix |
Potential PIN bypass.When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its internals. This is dangerous for OS logon/screen unlock and small tokens that are plugged permanently to the computer. multiple memory issues with pkcs15-init