{"vuid":"VU#659615","idnumber":"659615","name":"Oberthur smart cards generate weak certificates","keywords":["oberthur","smart card","certificates","digital signature","fips","keys"],"overview":"A flaw has been identified in Oberthur ID-One COSMO 64, v5.2 and v5.2a  smart cards, which results in public keys that do not satisfy the requirements of the Digital Signature Standard (as specified in FIPS PUB 186-3 and its predecessors).","clean_desc":"Oberthur ID-One COSMO 64, v5.2 and v5.2a  smart cards contain a flaw, which results in public keys that do not satisfy the requirements of the Digital Signature Standard (as specified in FIPS PUB 186-3 [PDF] and its predecessors).","impact":"An attacker may be able to adversely affect the integrity of the smart card identity.","resolution":"Replace the smart card Organizations should contact Oberthur Technologies through their regular support channels to determine if their smart cards are affected and to receive replacements.","workarounds":"","sysaffected":"","thanks":"Thanks to NSA IAD for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.oberthur.com/","http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-11-07T19:32:26Z","publicdate":"2012-11-09T00:00:00Z","datefirstpublished":"2012-11-09T14:21:55Z","dateupdated":"2012-11-09T14:21:57Z","revision":22,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"H","cvss_authentication":null,"cvss_confidentialityimpact":"N","cvss_integrityimpact":"C","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"4","cvss_basevector":"AV:L/AC:H/Au:N/C:N/I:C/A:N","cvss_temporalscore":"3.1","cvss_environmentalscore":"2.3","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}