CVE-2006-1117
First published: Thu Mar 09 2006(Updated: )
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ncipher Dse200 Document Sealing Engine | ||
| nCipher | ||
| nCipher | ||
| nCipher | ||
| Ncipher Time Source Master Clock | ||
| nCipher NetHSM | =2.0 | |
| nCipher NetHSM | =2.1 | |
| nCipher NetHSM | =2.1.12_cam5 | |
| nCipher | ||
| nCipher payShield SPP library |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security
- http://www.securityfocus.com/bid/17012
- http://securitytracker.com/id?1015718
- http://secunia.com/advisories/19137
- http://www.vupen.com/english/advisories/2006/0862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25063
- http://www.securityfocus.com/archive/1/427151/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-1117?
CVE-2006-1117 is classified with a high severity due to the presence of testing options in the firmware that could introduce significant security risks.
How do I fix CVE-2006-1117?
To fix CVE-2006-1117, update the firmware to version V10 or later that removes the insecure testing options.
What products are affected by CVE-2006-1117?
CVE-2006-1117 affects various nCipher products, including nShield, nForce, netHSM, payShield, SecureDB, DSE200 Document Sealing Engine, and Time Source Master Clock.
Is CVE-2006-1117 still a concern for organizations using affected products?
Yes, CVE-2006-1117 remains a concern due to the potential exploitation of testing features in production environments.
Are there any workarounds for CVE-2006-1117?
The best workaround for CVE-2006-1117 is to ensure affected devices are updated to secure firmware versions and to limit exposure of these devices to untrusted networks.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/ncipher
- canonical/ncipher dse200 document sealing engine
- canonical/ncipher
- canonical/ncipher time source master clock
- canonical/ncipher nethsm
- version/ncipher nethsm/2.0
- version/ncipher nethsm/2.1
- version/ncipher nethsm/2.1.12_cam5
- canonical/ncipher payshield spp library