Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0063
Last Modified 05 Sep 2008 04:37:24
Published 17 Feb 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0063

Summary

The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.

Vulnerable Systems

Application

  • nCipher payShield SPP library 1.3.12

  • nCipher payShield SPP library 1.5.18

  • nCipher payShield SPP library 1.6.18


References

CONFIRM - http://www.ncipher.com/support/advisories/advisory8_payshield.html

XF - payshield-incorrect-request-verification(14832)

BID - 9422

OSVDB - 3537

BUGTRAQ - 20040114 nCipher Advisory #8: payShield library may verify bad requests


Last Updated: 27 May 2016 10:38:27