PT-2002-1949 · Ncipher · Ncipher Mscapi Csp

Published

2002-08-31

Updated

2008-09-10

CVE-2002-0940

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: nCipher MSCAPI CSP versions 5.50 through 5.54

Description: The issue concerns the domesticinstall.exe component, which fails to utilize Operator Card Set protected keys as requested by the user when the Operator Card Set is not generated. This results in a lower protection level than specified, providing only module protection.

Recommendations: For nCipher MSCAPI CSP versions 5.50 through 5.54, consider disabling the use of domesticinstall.exe until a proper fix is implemented to ensure the use of Operator Card Set protected keys as intended.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-0940

Affected Products

Ncipher Mscapi Csp

PT-2002-1949 · Ncipher · Ncipher Mscapi Csp

CVE-2002-0940

Related Identifiers

Affected Products

References · 4