Summary
| Detail | |||
|---|---|---|---|
| Vendor | Opencryptoki Project | First view | 2012-10-10 |
| Product | Opencryptoki | Last view | 2024-01-31 |
| Version | 2.2.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:opencryptoki_project:opencryptoki | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.9 | 2024-01-31 | CVE-2024-0914 | A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. |
| 5.5 | 2022-08-23 | CVE-2021-3798 | A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. |
| 2.9 | 2012-10-10 | CVE-2012-4454 | openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 50% (1) | CWE-203 | Information Exposure Through Discrepancy |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-01-25 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_openCryptoki-121115.nasl - Type: ACT_GATHER_INFO |
