- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-200812-09 (OpenSC: Insufficient protection of smart card PIN)
Chaskiel M Grundman reported that OpenSC uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4.
Impact :
A physically proximate attacker can exploit this vulnerability to change the PIN on a smart card and use it for authentication, leading to privilege escalation.
Workaround :
There is no known workaround at this time.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top