CVE-2008-2235

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Published: Aug 1, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2235
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:C/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
opensc-project / opensc	0.3.2	0.3.2.x
opensc-project / opensc	0.3.5	0.3.5.x
opensc-project / opensc	0.4.0	0.4.0.x
opensc-project / opensc	0.6.0	0.6.0.x
opensc-project / opensc	0.6.1	0.6.1.x
opensc-project / opensc	0.7.0	0.7.0.x
opensc-project / opensc	0.8	0.8.x
opensc-project / opensc	0.8.0.0	0.8.0.0.x
opensc-project / opensc	0.8.1	0.8.1.x
opensc-project / opensc	0.9	0.9.x
opensc-project / opensc	0.9.6	0.9.6.x
opensc-project / opensc	0.9.7	0.9.7.x
opensc-project / opensc	0.9.7-b	0.9.7-b.x
opensc-project / opensc	0.9.7-d	0.9.7-d.x
opensc-project / opensc	0.9.8	0.9.8.x
opensc-project / opensc	0.11.0	0.11.0.x
opensc-project / opensc	0.11.1	0.11.1.x
opensc-project / opensc	0.11.2	0.11.2.x
opensc-project / opensc	0.11.3-pre3	0.11.3-pre3.x
opensc-project / opensc	0.11.3	0.11.3.x
opensc-project / opensc	0.11.4	0.11.4.x

Vulnerability Database

289,599

CVE-2008-2235