Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   payShield Vendors:   nCipher
nCipher payShield Library May Validate Invalid Requests
SecurityTracker Alert ID:  1008710
SecurityTracker URL:
CVE Reference:   CVE-2004-0063   (Links to External Site)
Updated:  Jan 20 2004
Original Entry Date:  Jan 14 2004
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.3.12, 1.5.18 and 1.6.18
Description:   A vulnerability was reported in the nCipher payShield library. The library may incorrectly verify bad requests.

It is reported that the payShield SPP library may return a 'Status_OK' indication when the actual reply status may be something different. The actual status will be logged but not returned to the calling function, the report said.

The report indicates that if the library is in constant use, the error will occur once every three minutes.

The vulnerability reportedly resides in the host-side library and affects applications only.

The vendor states that existing payShield installations and keys are not compromised.

Impact:   An application using the library may make an incorrect authentication decision.
Solution:   The vendor has released updated software for Windows, Linux, and Solaris platforms. The vendor plans to issue new releases shortly for AIX5.1, HPUX11, and Linux(nethsm).

Due to export restrictions, customers must contact the vendor directly to obtain updated software.

Vendor URL: (Links to External Site)
Cause:   Authentication error, State error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC