Vulnerabilities > CVE-2002-1446 - Unspecified vulnerability in Ncipher Pkcs 11 Library 1.2.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

ncipher

NVD

Published: 2002-08-01

Updated: 2008-09-05

Summary

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

Vulnerable Configurations

Part	Description	Count
Application	Ncipher Ncipher Pkcs 11 Library 1.2.0	1

References

http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html
http://www.iss.net/security_center/static/9895.php
http://www.ncipher.com/support/advisories/advisory5_c_verify.html
http://www.securityfocus.com/bid/5498