Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-40660

A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

Published

2023-11-06T17:15:11.757

Last Modified

2025-11-03T22:16:26.123

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.6 (MEDIUM)

Weaknesses

Type: Secondary
CWE-287
Type: Secondary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	opensc_project	opensc	≤ 0.23.0	Yes
Operating System	redhat	enterprise_linux	8.0	Yes
Operating System	redhat	enterprise_linux	9.0	Yes

References

https://access.redhat.com/errata/RHSA-2023:7876 ([email protected])
https://access.redhat.com/errata/RHSA-2023:7879 ([email protected])
https://access.redhat.com/security/cve/CVE-2023-40660 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2240912 Issue Tracking ([email protected])
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 Issue Tracking ([email protected])
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 Release Notes ([email protected])
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories Vendor Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2023/12/13/2 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7876 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2023:7879 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2023-40660 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2240912 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenSC/OpenSC/issues/2792#issuecomment-1674806651 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenSC/OpenSC/releases/tag/0.24.0-rc1 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/OpenSC/OpenSC/wiki/OpenSC-security-advisories Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/11/msg00024.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/12/msg00026.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/3CPQOMCDWFRBMEFR5VK4N5MMXXU42ODE/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/[email protected]/message/GLYEFIBBA37TK3UNMZN5NOJ7IWCIXLQP/ (af854a3a-2127-422b-91ae-364da2661108)