Bug 2240912 (CVE-2023-40660)

Summary: CVE-2023-40660 OpenSC: Potential PIN bypass when card tracks its own login state
Product: [Other] Security Response Reporter: TEJ RATHI <trathi>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: gpantela, jjelen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: OpenSC 0.24.0-rc1 Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 2248092    
Bug Blocks: 2240943    

Description TEJ RATHI 2023-09-27 08:41:14 UTC
When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its internals. This is dangerous for OS logon/screen unlock and small tokens that are plugged permanently to the computer. The bypass was removed and OpenSC implemented explicit logout for most of the card drivers to prevent leaving unattended logged-in tokens

Affected versions: OpenSC 0.17.0 - 0.23.0


Comment 2 TEJ RATHI 2023-11-06 05:20:26 UTC
Created opensc tracking bugs for this issue:

Affects: fedora-all [bug 2248092]

Comment 5 errata-xmlrpc 2023-12-18 07:38:03 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7876 https://access.redhat.com/errata/RHSA-2023:7876

Comment 6 errata-xmlrpc 2023-12-18 11:01:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7879 https://access.redhat.com/errata/RHSA-2023:7879