Info

Disclosure

Dec 12, 2000

Discovery

Unknown

Dates

Exploit

Dec 12, 2000

Solution

Unknown

Description

The nCipher swinit utility contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered even when the --no-recovery command line option is explicitly provided, which will disclose application keys resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Authentication Management, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 3.70 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

nCipher	nForce	3.62
nCipher	nShield	3.62

References

CVE ID: 2001-0081 (see also: NVD)
ISS X-Force ID: 5999
Vendor Specific Advisory URL: http://active.ncipher.com/updates/advisory.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Vendor URL: http://www.ncipher.com/

Credit

nCipher Support - supportncipher.com - nCipher

Direct URL: http://osvdb.org/4849

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

nCipher

nForce

nShield

References

Credit