CVE-2008-2235

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.11.6

Description The issue affects the integrity of protected information and can be exploited locally. It is related to weak permissions used for the 5015 directory on smart cards and USB crypto tokens running Siemens CardOS M4, allowing physically proximate attackers to change the PIN.

Recommendations For versions prior to 0.11.6, update to version 0.11.6 or later to resolve the issue. As a temporary workaround, consider restricting physical access to smart cards and USB crypto tokens to minimize the risk of exploitation.