Title: Aladdin Knowledge Systems eToken PIN Extraction Vulnerability
Severity: LOW
Description:
Alladin Knowledge Systems eToken is a USB smartcard-like device used for authentication, file integrity, and encryption. Access to the eToken device itself and entering the PIN number encoded in the eToken will grant authorization to a local user.
The PIN number can be reset to the default value with the use of standard device programmers. This can be done by physically opening the eToken device (which can be done without leaving any trace or evidence of tampering) and copying the default PIN value to the location used to store either the user PIN or administrator PIN in the serial EEPROM.
Affected Products:
- Aladdin Knowledge Systems eToken 3.3.3
References:
- Aladdin Knowledge Systems: eToken Product Home Page
- L0pht Research Labs/@Stake: Physical Attack Images
- L0pht Research Labs/@Stake: eToken Schematic
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
