CVE-2024-0914
- EPSS 0.23%
- Published 31.01.2024 05:15:08
- Last modified 21.11.2024 08:47:42
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the ...
CVE-2021-3798
- EPSS 0.15%
- Published 23.08.2022 16:15:09
- Last modified 21.11.2024 06:22:27
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the privat...
CVE-2012-4454
- EPSS 0.53%
- Published 10.10.2012 18:55:04
- Last modified 11.04.2025 00:51:21
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
CVE-2012-4455
- EPSS 0.02%
- Published 10.10.2012 18:55:04
- Last modified 11.04.2025 00:51:21
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.