#VU82973 Improper Authorization in OpenSC - CVE-2023-40660


Vulnerability identifier: #VU82973

Vulnerability risk: Low

CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-40660

CWE-ID: CWE-285

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
OpenSC
Universal components / Libraries / Libraries used by multiple products

Vendor: OpenSC

Description

The vulnerability allows an attacker to bypass authorization process.

The vulnerability exists due to a logic error in the authorization process. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. An attacker with physical proximity to the system can bypass the OS logon/screen for small permanently connected tokens to computers.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

OpenSC: 0.2.0 - 0.23.0

External links
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories
https://bugzilla.redhat.com/show_bug.cgi?id=2240912
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651
https://access.redhat.com/security/cve/CVE-2023-40660

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Ubuntu update for opensc
Ubuntu update for opensc
Ubuntu update for opensc
Amazon Linux AMI update for opensc
Gentoo update for OpenSC
Anolis OS update for opensc
Red Hat Enterprise Linux 8 update for opensc
Red Hat Enterprise Linux 9 update for opensc
Fedora 39 update for opensc
Fedora 38 update for opensc