CVE-2002-0939
First published: Sat Aug 31 2002(Updated: )
The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nCipher | =5.50 | |
| nCipher | =5.54 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0939?
CVE-2002-0939 is considered a medium severity vulnerability due to its impact on key protection levels.
How does CVE-2002-0939 affect the nCipher MSCAPI CSP?
CVE-2002-0939 affects the nCipher MSCAPI CSP by failing to use Operator Card Set protected keys if not generated, leading to a lower than required protection level.
How do I fix CVE-2002-0939?
To fix CVE-2002-0939, ensure that the Operator Card Set is properly generated and utilized during key requests.
Which versions of nCipher MSCAPI CSP are affected by CVE-2002-0939?
Versions 5.50 and 5.54 of nCipher MSCAPI CSP are affected by CVE-2002-0939.
What can be done to mitigate the risk of CVE-2002-0939?
To mitigate the risk of CVE-2002-0939, users should validate their key protection settings and ensure proper configuration of the Operator Card Set.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/remedy
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ncipher
- canonical/ncipher
- version/ncipher/5.50
- version/ncipher/5.54