Summary
Detail | | | |
---|---|---|---|
Vendor | Opencryptoki Project | First view | 2012-10-10 |
Product | Opencryptoki | Last view | 2024-01-31 |
Version | 2.2.3 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:opencryptoki_project:opencryptoki | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
5.9 | 2024-01-31 | CVE-2024-0914 | A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key. |
5.5 | 2022-08-23 | CVE-2021-3798 | A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. |
2.9 | 2012-10-10 | CVE-2012-4454 | openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
50% (1) | CWE-203 | Information Exposure Through Discrepancy |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-01-25 | Name: The remote SuSE 11 host is missing one or more security updates. File: suse_11_openCryptoki-121115.nasl - Type: ACT_GATHER_INFO |