Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-362: OpenSC

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-362: OpenSC
# 1  
Old 08-20-2008
S-362: OpenSC
It was discovered that OpenSC, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. The risk is MEDIUM. With this bug anyone can change a user PIN without having the PIN or PUK or the superusers PIN or PUK. However it can not be used to figure out the PIN.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT CENTOS

openpgp-tool

OPENPGP-TOOL(1) 						   OpenSC Tools 						   OPENPGP-TOOL(1)

NAME

       openpgp-tool - utility for accessing visible data OpenPGP smart cards and compatible tokens

SYNOPSIS

       openpgp-tool [OPTIONS]

DESCRIPTION

       The openpgp-tool utility is used for accessing data from the OpenPGP v1.1 and v2.0 smart cards and compatible tokens like e.g. GPF
       CryptoStick v1.x, which might not be present in PKCS#15 objects but available in custom files on the card. The data can be printed on
       screen or used by other programs via environment variables.

OPTIONS

       --exec prog, -x prog
	   Execute the given program with data in environment variables.

       --help, -h
	   Print help message on screen.

       --raw
	   Print values in raw format, as they are stored on the card.

       --pretty
	   Print values in pretty format.

       --user-info, -U
	   Show card holder information.

       --reader num, -r num
	   Use the given reader. The default is the first reader with a card.

       --verify pintype
	   Verify PIN (CHV1, CHV2 or CHV3).

       --pin string
	   The PIN text to verify.

       --gen-key ID, -G ID
	   Generate key. Specify key ID (1, 2 or 3) to generate.

       --key-length bitlength, -L bitlength
	   Length (default 2048 bit) of the key to be generated.

       --version, -V
	   Print the version of the utility and exit.

       --verbose, -v
	   Verbose operation. Use several times to enable debug output.

       --wait, -w
	   Wait for a card to be inserted.

AUTHORS

       openpgp-tool utility was written by Peter Marschall <peter@adpm.de>.

opensc								    06/17/2014							   OPENPGP-TOOL(1)