CVE-2023-40660

CVSS 3.1 Score 6.6 of 10 (medium)

Details

Published: Nov 6, 2023
Updated: Dec 23, 2023
CWE ID 287 (Improper Authentication)

Summary

CVE-2023-40660 is a flaw in the OpenSC smart-card middleware that allows a potential PIN bypass. A token's authenticated ("PIN verified") state is held by the card itself, not by the host process that verified the PIN. Once one process has logged in to the token, a different process on the same host can present an empty (zero-length) PIN, and OpenSC treats the card's report that it is already logged in as a successful verification; that second process can then perform private-key operations such as signing and decryption without ever knowing the PIN. The risk is greatest where a token stays connected and authenticated for long periods: operating-system logon and screen unlock, and small tokens left permanently plugged in to a computer. An attacker with local access to the same machine can use the token's keys and potentially compromise the system without the user's knowledge. The root cause is not that the card's login state is manipulated, but that OpenSC trusts the card's internal login status in place of an actual PIN verification for the calling process.
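To make the mechanism concrete, the following is an added illustration, not OpenSC's code and not part of the original advisory: a toy card whose login state is global to the card, the flawed middleware check beside a hardened one, and two host processes sharing the same connected card. The Card class, the PIN values, the HMAC stand-in for a private-key operation, and the function names are all constructed for this example.

```python
"""Added model of the CVE-2023-40660 failure mode (not OpenSC code).

A card's "PIN verified" state lives on the card, which cannot tell which
host process verified it. Middleware that answers an empty PIN by asking
the card "are you already logged in?" lets a second process ride on the
first process's login.
"""
import hashlib
import hmac
from dataclasses import dataclass

PIN_STATE_NOT_LOGGED_IN = 0
PIN_STATE_LOGGED_IN = 1


@dataclass
class Card:
    """Constructed stand-in for a PKCS#15 token; not a real card model."""
    pin: str
    key: bytes = b"constructed-private-key"  # stands in for a key that never leaves the card
    state: int = PIN_STATE_NOT_LOGGED_IN     # card-global: shared by every process on the host
    tries_left: int = 3

    def verify_pin(self, pin: str) -> bool:
        """VERIFY command: compare the PIN and, on success, set the card-global state."""
        if self.tries_left == 0:
            return False                      # PIN blocked
        if pin == self.pin:
            self.state = PIN_STATE_LOGGED_IN
            self.tries_left = 3
            return True
        self.tries_left -= 1
        return False

    def logout(self) -> None:
        """Clear the card-global authenticated state (what C_Logout or a card reset does)."""
        self.state = PIN_STATE_NOT_LOGGED_IN

    def get_pin_state(self) -> int:
        """Report the card's own view of whether the PIN is currently verified."""
        return self.state

    def sign(self, data: bytes) -> bytes:
        """Private-key operation; the card only enforces its own global state."""
        if self.state != PIN_STATE_LOGGED_IN:
            raise PermissionError("PIN not verified")
        return hmac.new(self.key, data, hashlib.sha256).digest()  # stand-in for a signature


def vulnerable_verify(card: Card, pin: str) -> bool:
    """Middleware check with the bypass: an empty PIN is answered by asking the
    card whether it is *already* logged in, regardless of who logged it in."""
    if len(pin) == 0:
        return card.get_pin_state() == PIN_STATE_LOGGED_IN
    return card.verify_pin(pin)


def hardened_verify(card: Card, pin: str) -> bool:
    """Hardened check: an empty PIN is never accepted as this process's credential.
    (A PIN-pad reader is the one legitimate empty-PIN case; it is out of scope here.)"""
    if len(pin) == 0:
        return False
    return card.verify_pin(pin)


def run_scenario(verify, logout_first_process: bool = False):
    """Two host processes share one connected card.

    Returns (process_a_signed, process_b_signed_with_empty_pin).
    """
    card = Card(pin="1234")
    message = b"constructed data to sign"

    # Process A: the legitimate user (e.g. OS logon) verifies the real PIN and signs.
    a_ok = verify(card, "1234")
    if a_ok:
        card.sign(message)
    if logout_first_process:
        card.logout()                         # a well-behaved application logs out on exit

    # Process B: a different process on the same host presents NO PIN at all.
    b_ok = False
    if verify(card, ""):
        try:
            card.sign(message)                # succeeds only while the card is still logged in
            b_ok = True
        except PermissionError:
            b_ok = False
    return a_ok, b_ok


if __name__ == "__main__":
    print("vulnerable         :", run_scenario(vulnerable_verify))                            # (True, True)
    print("hardened           :", run_scenario(hardened_verify))                              # (True, False)
    print("vulnerable + logout:", run_scenario(vulnerable_verify, logout_first_process=True))  # (True, False)
```

The third scenario is the practical caveat: in this model the bypass only works while the card still reports itself as logged in, so applications that log out (or reset the card) when they finish close the window even under the flawed check, whereas long-lived logon and screen-lock sessions keep it open. The fix is to stop treating an empty PIN as proof of anything for the calling process.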



Affected Products

  • Opensc-project Opensc
  • Red Hat Enterprise Linux

Affected Vendors

  • Red Hat