LinuxSecurity.com: Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK (CVE-2008-2235).
WESTCOS-TOOL(1)                    OpenSC tools                    WESTCOS-TOOL(1)

NAME
westcos-tool - utility for manipulating data structures on westcos smart cards
SYNOPSIS
westcos-tool [OPTIONS]
DESCRIPTION
The westcos-tool utility is used to manipulate the westcos data structures on 2 Ko smart cards. Users can create PINs, keys and
certificates stored on the token. User PIN authentication is performed for those operations that require it.
OPTIONS
--reader num, -r num
Use the given reader. The default is the first reader with a card.
--wait, -w
Wait for a card to be inserted
--generate-key, -g
Generate a private key on the smart card. The smart card must not be finalized and a PIN must be installed (i.e. the PIN file must be
created, see option -i). By default the key length is 1536 bits. User authentication is required for this operation.
--overwrite-key, -o
Overwrite the key if there is already a key on card.
--key-length length, -l length
Change the length of the private key; use with -g.
--install-pin, -i
Install the PIN file on the token; you must provide the PIN value with -x.
--pin-value value, -x value
Set the value of the PIN.
--puk-value value, -y value
Set the value of the PUK (or the value of the new PIN for the change-PIN command, see -n).
--change-pin, -n
Changes a PIN stored on the token. User authentication is required for this operation.
--unblock-pin, -u
Unblocks a PIN stored on the token. Knowledge of the PIN Unblock Key (PUK) is required for this operation.
--certificate file, -t file
Write the certificate file (PEM format) to the card. User authentication is required for this operation.
--finalize, -f
Finalize the card. Once finalized, the default key is invalidated, so the PIN and PUK can no longer be changed without user authentication.
Warning: un-finalized cards are insecure because the PIN can be changed without user authentication (knowledge of the default key is enough).
--read-file path, -j path
Read the file at path from the card; it is written to disk under the same name. User authentication is required for this operation.
--write-file path, -k path
Write the file named path from disk to the card; it is stored on the card at path. User authentication is required for this operation.
--help, -h
Print help message on screen.
-v
Causes westcos-tool to be more verbose. Specify this flag several times to enable debug output in the OpenSC library.
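The options above describe one provisioning sequence (install the PIN, generate the key, write the certificate, finalize) whose last step is the one that removes the default-key weakness. The following POSIX shell script is an added example, not part of the OpenSC man page or the tool itself; it chains those steps with the documented flags and refuses to run without a PIN and PUK. It assumes that the PIN for operations requiring user authentication is supplied with --pin-value, and the certificate file name usercert.pem is constructed for the example.

```shell
#!/bin/sh
# Added example (not OpenSC code): provision a WestCOS card and always end with
# --finalize so the card is not left in the un-finalized state, in which the
# PIN can be changed with only the default key.
# DRY_RUN=1 prints the commands instead of executing westcos-tool.

PIN_VALUE="${PIN_VALUE:-}"               # supplied by the caller
PUK_VALUE="${PUK_VALUE:-}"               # supplied by the caller
CERT_FILE="${CERT_FILE:-usercert.pem}"   # constructed file name for the example
KEY_LENGTH="${KEY_LENGTH:-1536}"         # the tool's documented default

# Run a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Full sequence; fails early (non-zero) if PIN or PUK is missing.
# Passing the PIN with --pin-value to authenticated operations is an assumption.
provision_card() {
    [ -n "$PIN_VALUE" ] && [ -n "$PUK_VALUE" ] || { echo "PIN and PUK required" >&2; return 1; }
    run westcos-tool --wait --install-pin --pin-value "$PIN_VALUE" --puk-value "$PUK_VALUE" &&
    run westcos-tool --generate-key --key-length "$KEY_LENGTH" --pin-value "$PIN_VALUE" &&
    run westcos-tool --certificate "$CERT_FILE" --pin-value "$PIN_VALUE" &&
    run westcos-tool --finalize
}

# Sanity check on a planned (dry-run) sequence: the last command must finalize.
ends_finalized() {
    printf '%s\n' "$1" | tail -n 1 | grep -q -- '--finalize'
}
```

Run with DRY_RUN=1 first to review the exact command lines before touching a card.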
AUTHORS
westcos-tool was written by Francois Leblanc francois.leblanc@cev-sa.com.
opensc 06/03/2012 WESTCOS-TOOL(1)