VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Aug 1, 2008· Updated Apr 23, 2026

CVE-2008-2235

CVE-2008-2235

Description

OpenSC before 0.11.5 uses weak permissions (ADMIN file control information of 00) for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, which allows physically proximate attackers to change the PIN.

Affected products

21
  • Opensc Project/Opensc21 versions
    cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*+ 20 more
    • cpe:2.3:a:opensc-project:opensc:0.11.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.11.1:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.11.2:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.11.3:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.11.3:pre3:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.11.4:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.8.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.9.7:*:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.9.7:b:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.9.7:d:*:*:*:*:*:*
    • cpe:2.3:a:opensc-project:opensc:0.9.8:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

15

News mentions

0

No linked articles in our index yet.