CVE-2006-1117

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

Published: Mar 9, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-1117
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ncipher / securedb	-	-
ncipher / time_source_master_clock	-	-
ncipher / nforce	-	-
ncipher / dse200_document_sealing_engine	-	-
ncipher / ncore	-	-
ncipher / nshield	-	-
ncipher / nethsm	2.0	2.0.x
ncipher / nethsm	2.1.12_cam5	2.1.12_cam5.x
ncipher / nethsm	2.1	2.1.x
ncipher / payshield	-	-

http://secunia.com/advisories/19137
http://securitytracker.com/id?1015718
http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security
http://www.securityfocus.com/archive/1/427151/100/0/threaded
http://www.securityfocus.com/bid/17012
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25063

Vulnerability Database

CVE-2006-1117