Code injection

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...

CVE-2006-1115

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...

CVE-2006-1116

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected...

CVE-2006-1117

nCipher firmware before V10, as used by 1 nShield, 2 nForce, 3 netHSM, 4 payShield, 5 SecureDB, 6 DSE200 Document Sealing Engine, 7 Time Source Master Clock TSMC, and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote...

CVE-2006-1117

CVE-2006-1117 concerns nCipher firmware before v10 (used by nShield, nForce, netHSM, payShield, SecureDB, DSE200, TSMC, and possibly others). The issue arises from options meant for testing, not production, which might allow remote attackers to obtain encryption keys and crack them with less effo...

CVE-2006-1115

CVE-2006-1115 affects nCipher HSM prior to 2.22.6. When generating a Diffie-Hellman public/private key pair without explicit DiscreteLogGroup parameters, the HSM may choose random parameters that could let an attacker recover the private key in less time than a brute-force search. The provided do...

CVE-2006-1116

The CVE-2006-1116 issue affects the nCipher nCore API prior to version 2.18, where the CBC-MAC integrity functions transmit the initialization vector (IV) as part of a message when the IV is non-zero. This can allow remote attackers to bypass integrity checks and modify messages without detection...

CVE-2006-1115

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...

CVE-2006-1117

nCipher firmware before V10, as used by 1 nShield, 2 nForce, 3 netHSM, 4 payShield, 5 SecureDB, 6 DSE200 Document Sealing Engine, 7 Time Source Master Clock TSMC, and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote...

Multiple nCipher products cryptographic problems

Weak pseudo-random numbers generation, vulnerabilities in network protocol...

nCipher Advisory #13: CBC-MAC IV misleading programming interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nCipher Security Advisory No. 13 CBC-MAC IV misleading programming interface ------------------------------------------- Note ==== nCipher is publishing three advisories numbered 12, 13 and 14 simultaneously. You are advised to review all three before...

nCipher Advisory #14: Presence of flaws in firmware security

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nCipher Security Advisory No. 14 Presence of flaws in firmware security -------------------------------------- Note ==== nCipher is publishing three advisories numbered 12, 13 and 14 simultaneously. You are advised to review all three before taking an...

[SA19137] nCipher Products Multiple Vulnerabilities

TITLE: nCipher Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19137 VERIFY ADVISORY: http://secunia.com/advisories/19137/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: From remote OPERATING SYSTEM: nCipher payShield http://secunia.com/product/2831/ nCipher nShield...

nCipher Cryptographic Hardware Interface Library cryptographic weakness

On process forking random bytes cache is not clearing, leading to same pseudorandom sequence is generated with few child processes...

[SA16323] nCipher CHIL Random Cache Inheritance Security Issue

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

CVE-2004-0320

Unknown vulnerability in nCipher Hardware Security Modules HSM 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands...

CVE-2004-0320

CVE-2004-0320 concerns nCipher Hardware Security Modules (HSM) versions 1.67.x–1.99.x. It describes a local-access flaw where an attacker can access secrets stored in the module’s run-time memory via certain sequences of commands. The publicly stated impact is partial confidentiality with local a...

CVE-2004-0063

The vulnerability CVE-2004-0063 affects the nCipher payShield SPP library (versions 1.3.12, 1.5.18, 1.6.18). The root cause is that the SPP_VerifyPVV function returns a Status_OK value even when the HSM reports a different status, which could lead applications to make incorrect security-critical ...

CVE-2002-1446

The CVE-2002-1446 entry concerns the nCipher PKCS#11 library (version 1.2.0 and later). The C_Verify error checking routine for a symmetric verification key can return CKR_OK even when it detects an invalid signature, creating a vulnerability where remote attackers could modify or forge messages....

CVE-2004-0063

The SPPVerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a StatusOK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number...