Weak Permissions in OpenSC Affecting Siemens CardOS M4
CVE-2008-2235

Currently unrated

Key Information:

Vendor: Opensc-project
Status: Opensc
Vendor: CVE Published:; 1 August 2008

🔔 Create Opensc-project Vulnerability Alert

What is CVE-2008-2235?

OpenSC prior to version 0.11.5 is plagued by weak permissions related to the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4. This security flaw enables attackers in close physical proximity to exploit the weak file controls, facilitating unauthorized changes to the Personal Identification Number (PIN). Organizations utilizing this software should be aware of the implications and take necessary precautions to secure their installations.

References

http://www.securityfocus.com/bid/30473

vdb-entryx_refsource_BID

http://secunia.com/advisories/31330

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/34362

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 1, 2008
Vulnerability Reserved
May 16, 2008

CVE-2008-2235 Data

JSON