[原文]Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
Datakey's smartcards contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the cards cache user information on a local filesystem in cleartext, which will disclose the user's PIN, resulting in a loss of confidentiality.
Upgrade to the most recent version , as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.