Datakey's Rainbow iKey USB Token and Smart Card contain a flaw that may lead to unauthorized password exposure. The issue is due to the communication channel between the token and the driver being plaintext. By sniffing the communication channel between the smartcard/token and the smartcard driver, a remote attacker can retrieve the user password, resulting in a loss of confidentiality.
Classification
Location: Remote/Network Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, Datakey has released new firmware to address this vulnerability.