From: Frank M. <no...@gi...> - 2023-06-29 10:51:58
Branch: refs/heads/master
Home: https://github.com/OpenSC/OpenSC
Commit: 868f76fb31255fd3fdacfc3e476452efeb61c3e7
    https://github.com/OpenSC/OpenSC/commit/868f76fb31255fd3fdacfc3e476452efeb61c3e7
Author: Frank Morgner <fra...@gm...>
Date: 2023-06-29 (Thu, 29 Jun 2023)

Changed paths:
  M src/libopensc/pkcs15-pin.c

Log Message:
-----------
Fixed PIN authentication bypass

If two processes are accessing a token, then one process may leave the card usable with an authenticated PIN so that a key may sign/decrypt any data. This is especially the case if the token does not support a way of resetting the authentication status (logout).

We have some tracking of the authentication status in software via PKCS#11, Minidriver (os-wise) and CryptoTokenKit, which is why a PIN-prompt will appear even though the card may technically be unlocked as described in the above example. However, before this change, an empty PIN was not verified (likely yielding an error during PIN-verification), but it was just checked whether the PIN is authenticated. This defeats the purpose of the PIN verification, because an empty PIN is not the correct one. Especially during OS Logon, we don't want that kind of shortcut, but we want the user to verify the correct PIN (even though the token was left unattended and authentication at the computer).

This essentially reverts commit e6f7373ef066cfab6e3162e8b5f692683db23864.
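
The logic described in the log message, as a simplified model added here for illustration. It is not OpenSC's code and not part of the commit: the `token` struct, every function name and the PIN value are hypothetical, and the card is reduced to a PIN comparison plus a shared "authenticated" flag.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: authentication state lives on the card, so it is
 * shared by every process that talks to the token. */
struct token { const char *pin; bool logged_in; };
enum { PIN_OK = 0, PIN_INCORRECT = -1 };
typedef int (*verify_fn)(struct token *, const char *, size_t);

/* Card-side VERIFY: compare the presented PIN, set the state on success. */
static int card_verify(struct token *t, const char *pin, size_t len)
{
    if (len == strlen(t->pin) && memcmp(pin, t->pin, len) == 0) {
        t->logged_in = true;
        return PIN_OK;
    }
    return PIN_INCORRECT;
}

/* Before: an empty PIN is never sent to the card; only the current
 * authentication status is checked. */
static int verify_pin_before(struct token *t, const char *pin, size_t len)
{
    if (len == 0 && t->logged_in)
        return PIN_OK;
    return card_verify(t, pin, len);
}

/* After: every PIN, including an empty one, goes through verification. */
static int verify_pin_after(struct token *t, const char *pin, size_t len)
{
    return card_verify(t, pin, len);
}

/* Process A authenticates and leaves the card unlocked (no logout), then
 * process B presents an empty PIN through the given verify routine. */
static int second_process_result(verify_fn verify)
{
    struct token t = { "123456", false };      /* constructed PIN */
    if (card_verify(&t, "123456", 6) != PIN_OK)
        return -100;
    return verify(&t, "", 0);
}

int main(void)
{
    printf("before: %d, after: %d\n", second_process_result(verify_pin_before),
           second_process_result(verify_pin_after));
    return 0;
}
```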