Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
nCipher使用JRE 1.4.0的ConsoleCallBack类智能卡密码字段泄露漏洞
Vulnerability Description
nCipher公司提供系列的硬件和软件安全产品,nCipher也提供开发支持,包括Java类。 nCipher中的ConsoleCallBack类在与JAVA实时环境交互时存在漏洞,本地攻击者可以利用这个漏洞获得密码字段(passphrase)信息。 ConsoleCallBack类包含一个功能可以当用户需要装载有密码字段保护的智能卡时从用户读取密码字段,不过ConsoleCallBack类在与windows下Java 1.4.0版本实时环境交互不兼容,如果用户通控制台提供他们的密码字段,应用程序就会变的
CVSS Information
N/A
Vulnerability Type
N/A