CVE-2002-1446

2002-08-01T04:00:00
ID CVE-2002-1446
Type cve
Reporter cve@mitre.org
Modified 2008-09-05T20:30:00

Description

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.