Opencryptoki Project: Security Vulnerabilities, CVEs
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Max CVSS: 5.9; EPSS Score: 0.08%; Published: 2024-01-31; Updated: 2024-04-16
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
Max CVSS: 5.5; EPSS Score: 0.05%; Published: 2022-08-23; Updated: 2023-07-10
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
Max CVSS: 6.2; EPSS Score: 0.04%; Published: 2012-10-10; Updated: 2023-02-13
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
Max CVSS: 2.9; EPSS Score: 0.04%; Published: 2012-10-10; Updated: 2023-02-13
4 vulnerabilities found