CVE-2023-40660

CVSS v3 Score
6.6
Medium

Vulnerability Description

A flaw was found in OpenSC packages that allows a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty, zero-length PIN is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small tokens permanently connected to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.

CVSS: 6.6 (Medium)

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

CVSS: 6.6 (Medium)

On STMicroelectronics STM32F7 devices, Proprietary Code Read Out Protection (PCROP) (a software IP protection method) can be defeated with a debug probe via the Instruction Tightly Coupled Memory (ITC...

CVSS: 6.6 (Medium)

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a software IP protection method for execute-only access) can be defeated by leveraging a load instruction insid...

CVSS: 6.6 (Medium)

HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1) have an improper authentication vulnerability. The system has a logic error under a certain scenario; successful exploit could all...

CVSS: 6.6 (Medium)

An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator.

CVSS: 6.6 (Medium)

A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerabil...