deon/gnuk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added gnuk.h fix

Browse Source
This commit is contained in:
NIIBE Yutaka
2011-05-12 11:22:08 +09:00
parent 112a9f51c2
commit 0f4fac869c
2 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
NEWS
View File

@@ -17,15 +17,15 @@ setting PW3. Without setting PW3, it becomes "admin-less" mode
by setting PW1.
** Important two bug fixes.
Gnuk (<= 0.11) had a bug which makes possible for attacker to change
user password without knowing original password.
Gnuk (<= 0.11) had a bug which makes possible for attacker to guess
admin password easily. When admin password is not set (the default
value of factory setting), failure of VERIFY doesn't increment error
counter in older versions. Observing no increment of error counter,
attacker could know that admin password is the one of factory setting.
Gnuk (<= 0.11) had a bug which makes possible for attacker to change
user password without knowing original password.
** tool/gnuk_put_binary.py now uses pyscard.
Instead of PyUSB, it uses Python binding of PC/SC. PyUSB version is
still available as tool/gnuk_put_binary_libusb.py.