CERTA-2004-AVI-229

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité présente dans nCipher netHSM permet à un utilisateur local d'accèder à des informations sensibles.

Description

NetHSM (Network Connected Hardware Security Modules) est un équipement connecté au réseau utilisé pour le stockage de clefs cryptographiques qui fournit des fonctions de signature, chiffrement et déchiffrement.

Une vulnérabilité permet à un utilisateur local mal intentionné de récupérer la phrase d'authentification (passphrase) sauvegardée en clair dans un fichier journal.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cette action étant irréversible, il est conseillé de contacter le support nCipher en cas de doute.

None
Impacted products
Vendor Product Description
N/A N/A nCipher netHSM version 2.1.
N/A N/A nCipher netHSM version 2 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "nCipher netHSM version 2.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "nCipher netHSM version 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nNetHSM (Network Connected Hardware Security Modules) est un \u00e9quipement\nconnect\u00e9 au r\u00e9seau utilis\u00e9 pour le stockage de clefs cryptographiques\nqui fournit des fonctions de signature, chiffrement et d\u00e9chiffrement.\n\nUne vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur local mal intentionn\u00e9 de\nr\u00e9cup\u00e9rer la phrase d\u0027authentification (passphrase) sauvegard\u00e9e en clair\ndans un fichier journal.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\nCette action \u00e9tant irr\u00e9versible, il est conseill\u00e9 de contacter le\nsupport nCipher en cas de doute.\n",
  "cves": [],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 nCipher num\u00e9ro 10 du  22 juin 2004 :",
      "url": "http://www.ncipher.com/support/advisories/advisory10.htm"
    }
  ],
  "reference": "CERTA-2004-AVI-229",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-07-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Divulgation d\u0027informations sensibles"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans nCipher netHSM permet \u00e0 un utilisateur\nlocal d\u0027acc\u00e8der \u00e0 des informations sensibles.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de nCipher netHSM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 nCipher n\u02da10",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.