8384 : Datakey Token/SmartCard Cleartext Transmission PIN Exposure
Printer | http://osvdb.org/8384 | Email This | Edit Vulnerability

Views This Week

Views All Time

Info

Last Modified

7 months ago

Percent Complete

90%

Disclosure

Aug 06, 2004

Discovery

Unknown

Dates

Exploit

Aug 04, 2004

Solution

Unknown

Description

Datakey's Rainbow iKey USB Token and Smart Card contain a flaw that may lead to an unauthorized password exposure. The issue is due to the communication channel between the token and the driver being plaintext. By sniffing communication channel between smartcard/token and smartcard driver, a remote attacker can retrive the user password, resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Cryptographic, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Datakey has released a new firmware to address this vulnerability.

Products

Datakey	Smart Card	330
		330i
		330j
	GSA compatible Smart Card	330g
	Biometric-enabled Smart Card	330m
	User PIN unblocking Smart Card	330u
	Rainbow iKey USB Token	2032

References

ISS X-Force ID: 16887
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0091.html
Vendor URL: http://www.datakey.com/home.php
Packet Storm: http://packetstormsecurity.org/0408-advisories/datakeyPassword.txt

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches

Views This Week

Views All Time

Info

Last Modified

Percent Complete

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Datakey

Smart Card

GSA compatible Smart Card

Biometric-enabled Smart Card

User PIN unblocking Smart Card

Rainbow iKey USB Token

References

Credit

Blogs

Comments