Vulnerabilities (CVE)

Filtered by vendor Ncipher Subscribe
Total 11 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1117 1 Ncipher 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more 2024-11-21 2.6 LOW N/A
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
CVE-2006-1116 1 Ncipher 1 Ncore 2024-11-21 5.0 MEDIUM N/A
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
CVE-2006-1115 1 Ncipher 3 Chil, Mscapi Csp, Ncipher Software Cd 2024-11-21 2.6 LOW N/A
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVE-2004-0320 1 Ncipher 1 Nshield 2024-11-20 2.1 LOW N/A
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
CVE-2004-0063 1 Ncipher 1 Payshield Spp Library 2024-11-20 7.5 HIGH N/A
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
CVE-2003-1417 1 Ncipher 1 Support Software 2024-11-20 4.4 MEDIUM N/A
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
CVE-2002-1446 1 Ncipher 1 Pkcs 11 Library 2024-11-20 5.0 MEDIUM N/A
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
CVE-2002-0941 1 Ncipher 2 Nforce, Nshield 2024-11-20 4.6 MEDIUM N/A
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.
CVE-2002-0940 1 Ncipher 1 Mscapi Csp 2024-11-20 4.6 MEDIUM N/A
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
CVE-2002-0939 1 Ncipher 1 Mscapi Csp 2024-11-20 4.6 MEDIUM N/A
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
CVE-2001-0081 1 Ncipher 1 Ncipher 2024-11-20 5.0 MEDIUM N/A
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.