CVE-2002-0940
First published: Sat Aug 31 2002(Updated: )
domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| nCipher | =5.50 | |
| nCipher | =5.54 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2002-0940?
CVE-2002-0940 has a moderate severity due to exposing lower protection levels than requested by the user.
How do I fix CVE-2002-0940?
To fix CVE-2002-0940, upgrade to a version of nCipher MSCAPI CSP that properly implements Operator Card Set protected keys.
Which versions of nCipher MSCAPI CSP are affected by CVE-2002-0940?
CVE-2002-0940 affects the nCipher MSCAPI CSP versions 5.50 and 5.54.
What can happen if I don't address CVE-2002-0940?
If CVE-2002-0940 is not addressed, users may be at risk of using cryptographic operations that do not meet their expected security levels.
Is CVE-2002-0940 a common vulnerability?
CVE-2002-0940 is relatively uncommon but poses a significant risk for specific configurations of nCipher MSCAPI CSP.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ncipher
- canonical/ncipher
- version/ncipher/5.50
- version/ncipher/5.54