CVE-2023-40660: Opensc: potential pin bypass when card tracks its own login state
First published: Wed Sep 27 2023(Updated: )
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/OpenSC | <0.24.0 | 0.24.0 |
| Opensc Project Opensc | <=0.23.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2023/12/13/2
- https://access.redhat.com/errata/RHSA-2023:7876
- https://access.redhat.com/errata/RHSA-2023:7879
- https://access.redhat.com/security/cve/CVE-2023-40660
- https://bugzilla.redhat.com/show_bug.cgi?id=2240912
- https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
- https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
- https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
- https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2248092
Frequently Asked Questions
What is CVE-2023-40660?
CVE-2023-40660 is a vulnerability in OpenSC packages that allows a potential PIN bypass.
How does CVE-2023-40660 work?
When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed.
What is the severity of CVE-2023-40660?
The severity of CVE-2023-40660 is medium, with a CVSS score of 6.6.
How do I fix CVE-2023-40660?
To fix CVE-2023-40660, update to version 0.24.0 of OpenSC packages.
Are there any references for CVE-2023-40660?
Yes, you can refer to the following links for more information: [Red Hat Security Advisory](https://access.redhat.com/security/cve/CVE-2023-40660), [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=2240912), [GitHub Issue](https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651).
- collector/oss-sec
- alias/CVE-2023-40660
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/title
- agent/author
- agent/references
- agent/weakness
- agent/severity
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/description
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/opensc project
- canonical/opensc project opensc
- version/opensc project opensc/0.23.0
- vendor/redhat
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- package-manager/redhat