{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40660", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-08-18T08:08:53.353Z", "datePublished": "2023-11-06T16:58:42.939Z", "dateUpdated": "2024-11-23T03:33:08.690Z"}, "containers": {"cna": {"title": "Opensc: potential pin bypass when card tracks its own login state", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness."}], "affected": [{"versions": [{"status": "affected", "version": "0.17.0", "lessThan": "0.24.0", "versionType": "semver"}], "packageName": "OpenSC", "collectionURL": "https://github.com/OpenSC/OpenSC", "defaultStatus": "unaffected"}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "opensc", "defaultStatus": "affected", "versions": [{"version": "0:0.20.0-7.el8_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:8::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "opensc", "defaultStatus": "affected", "versions": [{"version": "0:0.23.0-3.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:9::baseos"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "opensc", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7876", "name": "RHSA-2023:7876", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7879", "name": "RHSA-2023:7879", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-40660", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912", "name": "RHBZ#2240912", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651"}, {"url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1"}, {"url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories"}], "datePublic": "2023-09-25T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-327", "description": "Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "timeline": [{"lang": "en", "time": "2023-09-27T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-09-25T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Upstream acknowledges Deepanjan Pal (Oracle Corporation) as the original reporter."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-23T03:33:08.690Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.123Z"}, "title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/12/13/2", "tags": ["x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7876", "name": "RHSA-2023:7876", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7879", "name": "RHSA-2023:7879", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-40660", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912", "name": "RHBZ#2240912", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651", "tags": ["x_transferred"]}, {"url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1", "tags": ["x_transferred"]}, {"url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6722AEB-DDA9-49E4-9D5C-FBE1F15230AF", "versionEndIncluding": "0.23.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en los paquetes OpenSC que permiten una posible omisi\u00f3n del PIN. Cuando un token/tarjeta es autenticado por un proceso, puede realizar operaciones criptogr\u00e1ficas en otros procesos cuando se pasa un pin vac\u00edo de longitud cero. Este problema plantea un riesgo de seguridad, particularmente para el inicio de sesi\u00f3n/desbloqueo de pantalla del sistema operativo y para tokens peque\u00f1os conectados permanentemente a las maquinas. Adem\u00e1s, el token puede rastrear internamente el estado de inicio de sesi\u00f3n. Esta falla permite que un atacante obtenga acceso no autorizado, lleve a cabo acciones maliciosas o comprometa el sistema sin que el usuario se de cuenta."}], "id": "CVE-2023-40660", "lastModified": "2024-11-23T04:15:04.593", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-06T17:15:11.757", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7876"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7879"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-40660"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2023/12/13/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7879"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-40660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Upstream acknowledges Deepanjan Pal (Oracle Corporation) as the original reporter.", "affected_release": [{"advisory": "RHSA-2023:7876", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "opensc-0:0.20.0-7.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-19T00:00:00Z"}, {"advisory": "RHSA-2023:7879", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "opensc-0:0.23.0-3.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-19T00:00:00Z"}], "bugzilla": {"description": "OpenSC: Potential PIN bypass when card tracks its own login state", "id": "2240912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240912"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-327", "details": ["A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.", "A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness."], "name": "CVE-2023-40660", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "opensc", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2023-09-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-40660\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-40660\nhttps://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651\nhttps://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1\nhttps://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories"], "threat_severity": "Moderate", "upstream_fix": "OpenSC 0.24.0-rc1"}