Opencryptokiproject Opencryptoki
By the Year
In 2024 there have been 1 vulnerability in Opencryptokiproject Opencryptoki with an average score of 5.9 out of ten. Opencryptoki did not have any published security vulnerabilities last year. That is, 1 more vulnerability have already been reported in 2024 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 1 | 5.90 |
2023 | 0 | 0.00 |
2022 | 1 | 5.50 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Opencryptoki vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Opencryptokiproject Opencryptoki Security Vulnerabilities
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts
CVE-2024-0914
5.9 - Medium
- January 31, 2024
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.
Side Channel Attack
A flaw was found in openCryptoki
CVE-2021-3798
5.5 - Medium
- August 23, 2022
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK
CVE-2012-4455
- October 10, 2012
openCryptoki 2.4.1 allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) LCK..opencryptoki or (2) LCK..opencryptoki_stdll file in /var/lock/.
insecure temporary file
openCryptoki before 2.4.1, when using spinlocks
CVE-2012-4454
- October 10, 2012
openCryptoki before 2.4.1, when using spinlocks, allows local users to create or set world-writable permissions on arbitrary files via a symlink attack on the (1) .pkapi_xpk or (2) .pkcs11spinloc file in /tmp.
Permissions, Privileges, and Access Controls
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Opencryptokiproject Opencryptoki or by Opencryptokiproject? Click the Watch button to subscribe.