Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1116

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1116
Last Modified 07 Mar 2011 09:32:03
Published 09 Mar 2006 08:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1116

Summary

The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.

Vulnerable Systems

Application

  • Ncipher Ncore 2.17


References

BID - 17011

CONFIRM - http://www.ncipher.com/resources/96/sa13_cbcmac_iv_misleading_programming_interface

SECTRACK - 1015718

SECUNIA - 19137

VUPEN - ADV-2006-0862

XF - ncipher-ncore-bypass-security(25062)

BUGTRAQ - 20060308 nCipher Advisory #13: CBC-MAC IV misleading programming interface


Last Updated: 27 May 2016 10:41:56