Vulnerabilities > CVE-2003-1417 - Credentials Management vulnerability in Ncipher Support Software 6.00

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

ncipher

CWE-255

NVD

Published: 2003-12-31

Updated: 2017-07-29

Summary

nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.

Vulnerable Configurations

Part	Description	Count
Application	Ncipher Ncipher Support Software 6.00	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://marc.info/?l=bugtraq&m=104619088801750&w=2
http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html
http://www.securityfocus.com/bid/6927
https://exchange.xforce.ibmcloud.com/vulnerabilities/11422