Pageant appears to remember smartcard PINs across reboots

Question

Pageant appears to remember smartcard PINs across reboots

Closed this issue 4 months ago · 1 comments

After configuring pageant against a smartcard via CAPI, scp works.

Rebooting the machine, logging in and running pageant, scp works again, without asking the end user for the PIN to unlock the smartcard. This suggests the end user's PIN is being stored somewhere on the machine, compromising the PIN to anyone with access to the machine.

Can this behaviour be confirmed?

Answer 1 · 2024-07-10T15:49:21.000Z

If this is occurring, it's definitely not in PuTTY CAC. It might be a "feature" of the specific smartcard minidriver you are using.