Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ECDSA/EdDSA 竞争条件问题漏洞
Vulnerability Description
多款Athena产品中的智能卡存在竞争条件问题漏洞。该漏洞源于网络系统或产品在运行过程中,并发代码需要互斥地访问共享资源时,对于并发访问的处理不当。以下产品及版本受到影响:Athena IDProtect 010b.0352.0005;Athena IDProtect 010e.1245.0002;Athena IDProtect 0106.0130.0401;Athena IDProtect 010e.1245.0002;Valid S/A IDflex V 010b.0352.0005;SafeNet
CVSS Information
N/A
Vulnerability Type
N/A