Multiple Vendor ATM Hardware Security Module PIN Generation/Verification Vulnerability

Multiple Vendor ATM Hardware Security Module PIN Generation/Verification Vulnerability

A paper has been released detailing design flaws in the APIs used by various ATM Hardware Security Modules (HSM) to protect customer PIN numbers. Various potential attacks exist on methods used to generate and verify PIN numbers which may significantly reduce the difficulty of brute force attempts.