Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1115

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1115
Last Modified 07 Mar 2011 09:32:03
Published 09 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1115

Summary

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.

Vulnerable Systems

Application

  • Ncipher Chil

  • Ncipher Mscapi Csp 5.50

  • Ncipher Mscapi Csp 5.54

  • Ncipher Software Cd


References

XF - ncipher-hsm-weak-key(25060)

BID - 17006

CONFIRM - http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys

SECTRACK - 1015719

SECUNIA - 19137

VUPEN - ADV-2006-0862

BUGTRAQ - 20060308 nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys


Last Updated: 27 May 2016 10:41:56