Name of the Vulnerable Software and Affected Versions: openCryptoki versions prior to the fixed version in AlmaLinux 8.5

Description: The issue concerns the opencryptoki packages, which contain version 2.11 of the PKCS#11 API. The problem is that the soft token does not check if an EC key is valid. This affects the software token implementation that can be used without any cryptographic hardware.

Recommendations: For AlmaLinux 8.5, update the openCryptoki package to a version that includes the fix for the issue where the soft token does not check if an EC key is valid. At the moment, there is no information about a newer version that contains a fix for this vulnerability.