Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1446


Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1446
Last Modified 05 Sep 2008 04:30:37
Published 01 Aug 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

Vulnerable Systems


  • Ncipher Pkcs 11 Library 1.2.0



BID - 5498

XF - ncipher-cverify-improper-verification(9895)

BUGTRAQ - 20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures

Last Updated: 27 May 2016 10:37:20