OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2009-03-02 14:30
Updated : 2017-08-07 18:33
NVD link : CVE-2009-0368
Mitre link : CVE-2009-0368
JSON object : View
CWE
CWE-310
Cryptographic Issues
Products Affected
opensc-project
- opensc