santomet/pv204_project

Issues

• 🟡 Security Vulnerability: IV for AES-CBC mode is always the same

  #12 opened 4 years ago by lsolodkova
  0

• ❌ Software Development

  #15 opened 4 years ago by OTFlorian
  0

• ❌ Compliance with the Assignment

  #14 opened 4 years ago by OTFlorian
  0

• 🟠 Security Vulnerability: Message to terminate session has no effect, last session can be reused

  #13 opened 4 years ago by mvondracek
  0

• 🟡 PC application terminates with an exception if an incorrect PIN is used

  #11 opened 4 years ago by mvondracek
  0

• 🟠 Security Vulnerability: Applet can be forced to reuse session key from the last session

  #10 opened 4 years ago by mvondracek
  0

• 🟠 Security Vulnerability: PIN is stored in plaintext in the memory (RAM) for the whole execution of the computer application

  #9 opened 4 years ago by mvondracek
  0

• 🔴 Security Vulnerability: Messages can be replayed due to too small range of counter, and the attacker can change the user’s key

  #8 opened 4 years ago by mvondracek
  0

• 🔴 Security Vulnerability: PIN of the applet can be cracked with an online brute-force attack

  #7 opened 4 years ago by mvondracek
  0

• 🔴 Security Vulnerability: PIN is hardcoded in the source code of the applet

  #5 opened 4 years ago by mvondracek
  0

• 🔴 Security Vulnerability: PIN is hardcoded in the source code of the PC application

  #6 opened 4 years ago by mvondracek
  0

• CAP File

  #4 opened 4 years ago by OTFlorian
  0

• How to report security vulnerabilities?

  #3 opened 4 years ago by mvondracek
  2

• Investigate what is going on with JCMathLib, maybe push some changes made to the library

  #2 opened 4 years ago by santomet
  0

• Remake all the other INS for secure channel

  #1 opened 4 years ago by santomet
  0