The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2004-09-01T04:00:00
Updated: 2024-08-08T03:26:28.594Z
Reserved: 2003-02-05T00:00:00
Link: CVE-2002-1446
Vulnrichment
No data.
NVD
Status : Modified
Published: 2002-08-01T04:00:00.000
Modified: 2024-11-20T23:41:19.580
Link: CVE-2002-1446
Redhat
No data.