Datakey Cleartext Filesystem Cache PIN Exposure

2004-08-03T02:41:31
ID OSVDB:8385
Type osvdb
Reporter HexView(vuln@hexview.com)
Modified 2004-08-03T02:41:31

Description

Vulnerability Description

Datakey's smartcards contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the cards cache user information on a local filesystem in cleartext, which will disclose the user's PIN, resulting in a loss of confidentiality.

Solution Description

Upgrade to the most recent version , as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Datakey's smartcards contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the cards cache user information on a local filesystem in cleartext, which will disclose the user's PIN, resulting in a loss of confidentiality.

References:

Vendor URL: http://www.datakey.com Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0027.html CVE-2004-1709