Vulnerabilities > CVE-2006-1115 - Unspecified vulnerability in Ncipher Chil, Mscapi CSP and Ncipher Software CD
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
References
- http://secunia.com/advisories/19137
- http://securitytracker.com/id?1015719
- http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys
- http://www.securityfocus.com/archive/1/427146/100/0/threaded
- http://www.securityfocus.com/bid/17006
- http://www.vupen.com/english/advisories/2006/0862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25060