Описание
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
Ссылки
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:ncipher:pkcs_11_library:1.2.0:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00627
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
EPSS
Процентиль: 69%
0.00627
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other