CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
73.3%
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
Vendor | Product | Version | CPE |
---|---|---|---|
ncipher | chil | * | cpe:2.3:a:ncipher:chil:*:*:*:*:*:*:*:* |
ncipher | mscapi_csp | 5.50 | cpe:2.3:a:ncipher:mscapi_csp:5.50:*:*:*:*:*:*:* |
ncipher | mscapi_csp | 5.54 | cpe:2.3:a:ncipher:mscapi_csp:5.54:*:*:*:*:*:*:* |
ncipher | ncipher_software_cd | * | cpe:2.3:a:ncipher:ncipher_software_cd:*:*:*:*:*:*:*:* |
secunia.com/advisories/19137
securitytracker.com/id?1015719
www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys
www.securityfocus.com/archive/1/427146/100/0/threaded
www.securityfocus.com/bid/17006
www.vupen.com/english/advisories/2006/0862
exchange.xforce.ibmcloud.com/vulnerabilities/25060