Vulnerabilities > CVE-2002-0941 - Unspecified vulnerability in Ncipher Nforce and Nshield

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

ncipher

NVD

Published: 2002-10-04

Updated: 2008-09-05

Summary

The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Ncipher Ncipher Nforce *	1
Hardware	Ncipher Ncipher Nshield *	1

References

http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
http://www.iss.net/security_center/static/9354.php
http://www.securityfocus.com/bid/5024