2240912 – (CVE-2023-40660) CVE-2023-40660 OpenSC: Potential PIN bypass when card tracks its own login state

Bug 2240912 (CVE-2023-40660) - CVE-2023-40660 OpenSC: Potential PIN bypass when card tracks its own login state

Summary: CVE-2023-40660 OpenSC: Potential PIN bypass when card tracks its own login state

Keywords:
Status:	NEW
Alias:	CVE-2023-40660
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2248092
Blocks:	2240943
TreeView+	depends on / blocked

Reported:	2023-09-27 08:41 UTC by TEJ RATHI
Modified:	2023-12-18 11:01 UTC (History)
CC List:	2 users (show)
Fixed In Version:	OpenSC 0.24.0-rc1
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2023:7876	0	None	None	None	2023-12-18 07:38:04 UTC
Red Hat Product Errata	RHSA-2023:7879	0	None	None	None	2023-12-18 11:01:49 UTC

Description TEJ RATHI 2023-09-27 08:41:14 UTC

When the token/card was plugged into the computer and authenticated from one process, it could be used to provide cryptographic operations from different process when the empty, zero-length PIN and the token can track the login status using some of its internals. This is dangerous for OS logon/screen unlock and small tokens that are plugged permanently to the computer. The bypass was removed and OpenSC implemented explicit logout for most of the card drivers to prevent leaving unattended logged-in tokens

Affected versions: OpenSC 0.17.0 - 0.23.0

https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1

Comment 2 TEJ RATHI 2023-11-06 05:20:26 UTC

Created opensc tracking bugs for this issue:

Affects: fedora-all [bug 2248092]

Comment 5 errata-xmlrpc 2023-12-18 07:38:03 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7876 https://access.redhat.com/errata/RHSA-2023:7876

Comment 6 errata-xmlrpc 2023-12-18 11:01:48 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7879 https://access.redhat.com/errata/RHSA-2023:7879

Note You need to log in before you can comment on or make changes to this bug.