nCipher PKCS#11对称消息签名验证漏洞

漏洞信息详情

nCipher PKCS#11对称消息签名验证漏洞

• CNNVD编号：CNNVD-200208-001
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1446
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2002-08-01
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-06-06
  
• 厂        商：
  
  ncipher
• 漏洞来源：
  Published in an nC…

nCipher PKCS＃11 库1.2.0之后版本的对称密钥验证中用于C_Verify调用的错误检查惯例在即使删除有效签名时仍返回CKR_OK状态。远程攻击者可以利用该漏洞修改或伪造消息。

nCipher reports that updated versions of the library are available for Microsoft Windows, Linux, AIX, Solaris and HP-UX. Customers are advised to contact the vendor for updates, or to check the availability of fixes for other platforms.

来源: www.ncipher.com
链接:http://www.ncipher.com/support/advisories/advisory5_c_verify.html

来源: BID
名称: 5498
链接:http://www.securityfocus.com/bid/5498

来源: XF
名称: ncipher-cverify-improper-verification(9895)
链接:http://www.iss.net/security_center/static/9895.php

来源: BUGTRAQ
名称: 20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
链接:http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html