Alladin Knowledge Systems eToken Vulnerability

vendor:

eToken

by:

SecurityFocus

7.5

CVSS

HIGH

PIN Reset Vulnerability

255

CWE

Product Name: eToken

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Alladin Knowledge Systems eToken Vulnerability

Alladin Knowledge Systems eToken is a USB smartcard-like device used for authentication, file integrity, and encryption. Access to the eToken device itself and entering the PIN number encoded in the eToken will grant authorization to a local user. The PIN number can be reset to the default value with the use of standard device programmers. This can be done by physically opening the eToken device (which can be done without leaving any trace or evidence of tampering) and copying the default PIN value to the location used to store either the user PIN or administrator PIN in the serial EEPROM.

Mitigation:

Ensure that the eToken device is kept secure and that physical access to the device is restricted.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1170/info

Alladin Knowledge Systems eToken is a USB smartcard-like device used for authentication, file integrity, and encryption. Access to the eToken device itself and entering the PIN number encoded in the eToken will grant authorization to a local user. 

The PIN number can be reset to the default value with the use of standard device programmers. This can be done by physically opening the eToken device (which can be done without leaving any trace or evidence of tampering) and copying the default PIN value to the location used to store either the user PIN or administrator PIN in the serial EEPROM.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19894.zip