CVE-2003-1417 - nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the te

CVE-2003-1417

Summary

nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.

References

http://marc.info/?l=bugtraq&m=104619088801750&w=2
http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html
http://www.securityfocus.com/bid/6927
https://exchange.xforce.ibmcloud.com/vulnerabilities/11422

Vulnerable Configurations

cpe:2.3:a:ncipher:support_software:6.00:*:*:*:*:*:*:*
cpe:2.3:a:ncipher:support_software:6.00:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	6927
bugtraq	20030225 nCipher Advisory #7: Unexpected copies of imported software keys
confirm	http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html
xf	ncipher-duplicate-keys(11422)

Last major update

29-07-2017 - 01:29

Published

31-12-2003 - 05:00

Last modified

29-07-2017 - 01:29