> that contains a table where different products are said to be vulnerable
> to certain attacks (checked with a tool called Tookan)
> Vendors are Feitian, Aladdin, Sata, Gemalto, etc.
> The document mentions the following attacks - since I'm new to the
> matter I was asking myself whether I should avoid products that were
> mentioned to be vulnerable in the document.
It does not describe problems with the actual hardware, it describes logic flaws in the PKCS#11 host software of a token, if used in a specific way.
> wrap/decrypt attack based on symmetric keys
> wrap/decrypt attack based on asymmetric keys
OpenSC does not support wrapping or creating key material as session objects in the context of PKCS#11. In fact, at the moment the OpenSC PKCS#11 implementation does not really promote the generation of onboard keys via PKCS#11, as the PKCS#11 model is somewhat limited and does not match the smart card world 1:1.
> sensitive keys are directly readable
> unextractable keys are directly readable (forbidden by the standard)
> sensitive/unextractable keys can be changed into nonsensitive/extractable
OpenSC is a gateway to the hardware capabilities of a smart card. A smart card enforces any rules (like access conditions) in hardware and the OpenSC PKCS#11 module just implements the interface to access the device.
> Has this paper already been discussed here? I tried searching for it but
> could not find anything on the list, yet.
No, but links to such papers are most welcome in the future as well.
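
Added example (not part of the original message and not OpenSC code): a small offline audit of PKCS#11 object attributes for the conditions named in the quoted list, namely wrap and decrypt roles on the same key material and attempts to relax CKA_SENSITIVE or CKA_EXTRACTABLE. Assumptions: objects are modelled as plain dicts keyed by the standard CKA_* names, the two halves of a key pair share a CKA_ID, the function names are hypothetical and the sample objects are constructed.

```python
from collections import defaultdict

def role_conflicts(objects):
    """Return the CKA_ID values whose key material is usable for both wrapping
    and decryption. Grouping by CKA_ID covers a symmetric key carrying both
    attributes and a key pair where the public half wraps and the private
    half decrypts."""
    by_id = defaultdict(list)
    for obj in objects:
        by_id[obj["CKA_ID"]].append(obj)
    flagged = []
    for key_id, group in by_id.items():
        wraps = any(o.get("CKA_WRAP") for o in group)
        decrypts = any(o.get("CKA_DECRYPT") for o in group)
        if wraps and decrypts:
            flagged.append(key_id)
    return sorted(flagged)

def rejected_changes(current, requested):
    """Return the attributes in a requested modification that the PKCS#11
    standard does not allow: CKA_SENSITIVE may go to true but not back to
    false, CKA_EXTRACTABLE may go to false but not back to true."""
    bad = []
    if current.get("CKA_SENSITIVE") is True and requested.get("CKA_SENSITIVE") is False:
        bad.append("CKA_SENSITIVE")
    if current.get("CKA_EXTRACTABLE") is False and requested.get("CKA_EXTRACTABLE") is True:
        bad.append("CKA_EXTRACTABLE")
    return bad

# Constructed sample objects; labels and IDs are made up.
SAMPLE = [
    {"CKA_LABEL": "kek", "CKA_ID": "01", "CKA_CLASS": "CKO_SECRET_KEY",
     "CKA_WRAP": True, "CKA_DECRYPT": True, "CKA_SENSITIVE": True},
    {"CKA_LABEL": "enc-pub", "CKA_ID": "02", "CKA_CLASS": "CKO_PUBLIC_KEY",
     "CKA_WRAP": True},
    {"CKA_LABEL": "enc-priv", "CKA_ID": "02", "CKA_CLASS": "CKO_PRIVATE_KEY",
     "CKA_DECRYPT": True, "CKA_SENSITIVE": True, "CKA_EXTRACTABLE": False},
    {"CKA_LABEL": "sign-priv", "CKA_ID": "03", "CKA_CLASS": "CKO_PRIVATE_KEY",
     "CKA_SIGN": True, "CKA_SENSITIVE": True, "CKA_EXTRACTABLE": False},
]

if __name__ == "__main__":
    print("wrap/decrypt on same key material:", role_conflicts(SAMPLE))
    print("disallowed changes:", rejected_changes(
        SAMPLE[3], {"CKA_SENSITIVE": False, "CKA_EXTRACTABLE": True}))
```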