Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1446

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-1446
Last Modified 05 Sep 2008 04:30:37
Published 01 Aug 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1446

Summary

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

Vulnerable Systems

Application

  • Ncipher Pkcs 11 Library 1.2.0


References

CONFIRM - http://www.ncipher.com/support/advisories/advisory5_c_verify.html

BID - 5498

XF - ncipher-cverify-improper-verification(9895)

BUGTRAQ - 20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures


Last Updated: 27 May 2016 10:37:20