Vulnerabilities > Ncipher

DATE CVE VULNERABILITY TITLE RISK
2006-03-09 CVE-2006-1117 Unspecified vulnerability in Ncipher products
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
network
high complexity
ncipher
2.6
2006-03-09 CVE-2006-1116 Unspecified vulnerability in Ncipher Ncore 2.17
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
network
low complexity
ncipher
5.0
2006-03-09 CVE-2006-1115 Unspecified vulnerability in Ncipher Chil, Mscapi CSP and Ncipher Software CD
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
network
high complexity
ncipher
2.6
2004-11-23 CVE-2004-0320 Unspecified vulnerability in Ncipher Nshield
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
local
low complexity
ncipher
2.1
2004-02-17 CVE-2004-0063 Unspecified vulnerability in Ncipher Payshield SPP Library 1.3.12/1.5.18/1.6.18
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g.
network
low complexity
ncipher
7.5
2003-12-31 CVE-2003-1417 Credentials Management vulnerability in Ncipher Support Software 6.00
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
4.4
2002-10-04 CVE-2002-0941 Unspecified vulnerability in Ncipher Nforce and Nshield
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.
local
low complexity
ncipher
4.6
2002-10-04 CVE-2002-0940 Unspecified vulnerability in Ncipher Mscapi CSP 5.50/5.54
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
local
low complexity
ncipher
4.6
2002-10-04 CVE-2002-0939 Unspecified vulnerability in Ncipher Mscapi CSP 5.50/5.54
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
local
low complexity
ncipher
4.6
2002-08-01 CVE-2002-1446 Unspecified vulnerability in Ncipher Pkcs 11 Library 1.2.0
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
network
low complexity
ncipher
5.0