The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2024-08-08T03:26:28.594Z
Reserved: 2003-02-05T00:00:00
Link: CVE-2002-1446
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2002-08-01T04:00:00.000
Modified: 2008-09-05T20:30:37.407
Link: CVE-2002-1446
Redhat
No data.