Vulnerability CVE-2006-1117
Published: 2006-03-09   Modified: 2012-02-12

Description:
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

Type:

CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.6/10
2.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Ncipher -> Dse200 document sealing engine 
Ncipher -> Ncore 
Ncipher -> Nforce 
Ncipher -> Securedb 
Ncipher -> Time source master clock 
Ncipher -> Nethsm 
Ncipher -> Nshield 
Ncipher -> Payshield 

 References:
http://securitytracker.com/id?1015718
http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security
http://www.securityfocus.com/archive/1/427151/100/0/threaded
http://www.securityfocus.com/bid/17012
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25063
Copyright 2024, cxsecurity.com

 

Back to Top