Security Advisories

Access to resources marked "Requires registration" requires registration.

SA#14: Presence of flaws in firmware security (Requires registration)
During a major code review carried out for a recent release, nCipher discovered some undesirable features in the nCore code base. While none of these features could lead to the accidental exposure of key material, if discovered by a skilled cryptographer, they open lines of attack which enable key values to be determined with less effort than would be expected if the only attack were breaking a key by exhaustive search. All attacks require detailed knowledge of the nCipher code base, making it extremely unlikely that any attacker would be able to take advantage of these features. nCipher is making available updated firmware to fix this potential vulnerability. Use of some keys may be affected by the upgrade; nCipher has written a utility that can detect these keys in a Security World. nCipher recommends that you run this utility before making the upgrade.

SA#13: CBC-MAC IV misleading programming interface (Requires registration)
Application programmers using the nCore API to calculate and verify CBC MACs may have accidentally implemented a MAC protocol which fails to detect certain modifications to messages it is supposed to protect.

SA#12: Insecure Generation of Diffie-Hellman keys (Requires registration)
In some circumstances, Diffie-Hellman keys generated by an HSM may be less secure than previously thought. An attack which recovers a vulnerable private key is, for typical parameters, expensive but possible. Keys subject to this vulnerability should be replaced. In addition, a firmware upgrade is available which removes the root cause of the generation of vulnerable keys; alternatively, an upgrade to the key generation software provides a (verifiable) workaround.

SA#11: CHIL random cache not cleared when forking (Requires registration)
When programs use CHIL's HWCryptoHook_RandomBytes function in a program that forks, this function may produce the same random data in all child processes for a short time.

SA#10: Pass phrases are exposed in netHSM log files (Requires registration)
Pass phrases entered by means of the nCipher netHSM front panel, either using the built-in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log. Under certain circumstances this information is also available to the remote filesystem machine. This issue is fixed in the latest netHSM firmware release.

SA#09: Host-side attackers can access secret data (Requires registration)
On certain models and firmware combinations, an attacker who is able to issue commands to an HSM (e.g., by having use or control of the host to which it is connected) may be able to access secret data stored in the module, including critical application keys. Modules with vulnerable firmware versions should be upgraded.

SA#08: payShield library may verify bad requests (Requires registration)
When a command is issued to the payShield SPP library it may return Status_OK regardless of what the real reply status was.

SA#07: Unexpected duplicates of imported software-based keys (Requires registration)
When either the command line utility generatekey or the KeySafe graphical application is used to import a software-based key into an nCipher nShield or nForce hardware security module, the key is successfully imported. However, copies of the original key file are incorrectly left on the host file system.

SA#06: Access control defects in PKCS#11 keys (Requires registration)
As a function of internal QA testing, nCipher has identified that, under certain unusual circumstances, keys created by the nCipher PKCS#11 library, which should be secure, may be exportable from the hardware security module in plaintext or equivalent, or have other defects in their access control.

SA#05: C_Verify validates incorrect symmetric signatures (Requires registration)
When C_Verify is called on a symmetric signature, the nCipher PKCS#11 cryptographic library always returns CKR_OK, which indicates a valid signature, even if the signature is invalid.

SA#04: Console Java applications can leak passphrases on Windows (Requires registration)
In certain circumstances, Java applications using the standard nCipher ConsoleCallBack class on Windows NT/2000 can be made to leak smart card passphrases to the current user's shell. One version of the nCipher command line utility 'TrustedCodeTool', as supplied to CodeSafe customers, is also affected by this problem.

SA#03: Important Security Advisory for Windows 2000 Users (Requires registration)
In certain circumstances, the nCipher MSCAPI CSP Install Wizard support software on Windows 2000 will set the nCipher CSP key generation behavior incorrectly. Despite the user requesting Operator Card Set protection for keys ('cardset protected keys') that are generated using the nCipher CSP, a software error might result in keys being protected by the module alone. The undocumented command line utility 'domesticinstall.exe' is also affected by this problem.

SA#02: SNMP Vulnerabilities (Requires registration)
SNMP agents supplied by nCipher, as well as those required to run other nCipher SNMP support software, could be vulnerable to buffer overflow attacks including denial of service and privilege elevation.

SA#01: Operator Cards unexpectedly recoverable (Requires registration)
In certain circumstances, the nCipher security world initialization software enables the Operator Card Set recovery feature, even when the user requested that recovery be disabled.

©1996-2008 nCipher Corporation Ltd. All rights reserved
