Lucene search

MitreCVE-2002-0940

HistoryOct 04, 2002 - 4:00 a.m.

CVE-2002-0940

2002-10-0404:00:00

mitre

web.nvd.nist.gov

cve-2002-0940

domesticinstall.exe

ncipher

mscapi

csp

vulnerability

operator card set

protection level

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

19.7%

JSON

domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user (module protection only).

Affected configurations

Nvd

Node

nciphermscapi_cspMatch5.50

nciphermscapi_cspMatch5.54

VendorProductVersionCPE
nciphermscapi_csp5.50cpe:2.3:a:ncipher:mscapi_csp:5.50:*:*:*:*:*:*:*
nciphermscapi_csp5.54cpe:2.3:a:ncipher:mscapi_csp:5.54:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ncipher	mscapi_csp	5.50	cpe:2.3:a:ncipher:mscapi_csp:5.50:::::::*
ncipher	mscapi_csp	5.54	cpe:2.3:a:ncipher:mscapi_csp:5.54:::::::*

References

archives.neohapsis.com/archives/bugtraq/2002-05/0103.html

online.securityfocus.com/archive/1/277241

www.securityfocus.com/bid/4729

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.001

Percentile

19.7%

JSON

Related for CVE-2002-0940