PT-2003-2362 · Ncipher · Ncipher Support
Published
2003-12-31
·
Updated
2017-07-29
·
CVE-2003-1417
CVSS v2.0
4.4
Medium
| Vector | AV:L/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
nCipher Support Software version 6.00
Description
The issue concerns the generatekey KeySafe feature in nCipher Support Software, which fails to delete temporary key copies after import. This oversight may allow local users to access the key by reading the
key.pem or key.der files.Recommendations
For nCipher Support Software version 6.00, consider manually deleting the temporary
key.pem and key.der files after key import to prevent unauthorized access. As a temporary workaround, restrict access to these files to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ncipher Support