Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1117

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-1117
Last Modified 07 Mar 2011 09:32:03
Published 09 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1117

Summary

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

Vulnerable Systems

Application

  • Ncipher Dse200 Document Sealing Engine

  • Ncipher Ncore

  • Ncipher Nforce

  • Ncipher Securedb

  • Ncipher Time Source Master Clock


References

BID - 17012

CONFIRM - http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security

SECTRACK - 1015718

SECUNIA - 19137

VUPEN - ADV-2006-0862

XF - ncipher-firmware-weak-security(25063)

BUGTRAQ - 20060309 nCipher Advisory #14: Presence of flaws in firmware security


Last Updated: 27 May 2016 10:41:56