Summary
This host is installed with OpenSC and is prone to Insecure Key Generation vulnerability.
Impact
Successful exploitation will allow attacker to obtain the sensitive information or gain unauthorized access to the smartcard.
Impact Level: Application
Solution
Upgrade to OpenSC version 0.11.8
http://www.opensc-project.org/files/opensc
Insight
Security issues are due to,
- a tool that starts a key generation with public exponent set to 1, an invalid value that causes an insecure RSA key.
- a PKCS#11 module that accepts that this public exponent and forwards it to the card.
- a card that accepts the public exponent and generates the rsa key.
Affected
OpenSC version prior to 0.11.8 on Linux.
References
Severity
Classification
-
CVE CVE-2009-1603 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities