#VU82973 Improper Authorization in OpenSC


Published: 2023-11-10

Vulnerability identifier: #VU82973

Vulnerability risk: Low

CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-40660

CWE-ID: CWE-285

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenSC
Universal components / Libraries / Libraries used by multiple products

Vendor: OpenSC

Description

The vulnerability allows an attacker to bypass authorization process.

The vulnerability exists due to a logic error in the authorization process. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. An attacker with physical proximity to the system can bypass the OS logon/screen for small permanently connected tokens to computers.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSC: 0.2.0 - 0.23.0 rc2

External links
http://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
http://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
http://bugzilla.redhat.com/show_bug.cgi?id=2240912
http://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
http://access.redhat.com/security/cve/CVE-2023-40660

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Red Hat Enterprise Linux 8 update for opensc
Red Hat Enterprise Linux 9 update for opensc
Fedora 39 update for opensc
Fedora 38 update for opensc
SUSE update for opensc
SUSE update for opensc
Multiple vulnerabilities in OpenSC
openEuler 22.03 LTS SP2 update for opensc
openEuler 20.03 LTS SP3 update for opensc