N/A

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

N/A

N/A

nCipher测试选项不安全密钥生成漏洞

nCipher是全球硬件安全模块(HSM)技术、磁盘加密技术和其它身份保护和管理解决方案的领先厂商之一。 nCipher在产品的测试和发布过程中存在漏洞，攻击者可能利用此漏洞以较小的代价获取密钥。 在模块固件开发过程中，会在nCipher产品中加入各种选项以便测试。尽管这些选项没有提供特殊的密钥访问，但允许以较低的安全属性生成密钥。一些正式发布的nCipher产品中可能还存在上述测试用的选项，这就允许攻击者通过创建特制格式的消息获得有关密钥的额外信息，以比暴力猜测耗时更少的时间恢复密钥。

N/A

N/A