Filtered by vendor Ncipher Subscriptions
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1117 1 Ncipher 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more 2018-10-18 N/A
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
CVE-2006-1116 1 Ncipher 1 Ncore 2018-10-18 N/A
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
CVE-2006-1115 1 Ncipher 3 Chil, Mscapi Csp, Ncipher Software Cd 2018-10-18 N/A
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVE-2004-0320 1 Ncipher 1 Nshield 2017-10-10 N/A
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
CVE-2004-0063 1 Ncipher 1 Payshield Spp Library 2017-10-10 N/A
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
CVE-2001-0081 1 Ncipher 1 Ncipher 2017-10-10 N/A
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.
CVE-2003-1417 1 Ncipher 1 Support Software 2017-07-29 N/A
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
CVE-2002-0940 1 Ncipher 1 Mscapi Csp 2008-09-10 N/A
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
CVE-2002-0939 1 Ncipher 1 Mscapi Csp 2008-09-10 N/A
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
CVE-2002-1446 1 Ncipher 1 Pkcs 11 Library 2008-09-05 N/A
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
CVE-2002-0941 1 Ncipher 2 Nforce, Nshield 2008-09-05 N/A
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.