Vulnerability Description
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncipher | Nforce | All versions |
| Ncipher | Nshield | All versions |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
- http://www.iss.net/security_center/static/9354.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5024PatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
- http://www.iss.net/security_center/static/9354.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/5024PatchVendor Advisory
FAQ
What is CVE-2002-0941?
CVE-2002-0941 is a vulnerability with a CVSS score of 4.6 (MEDIUM). The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application th...
How severe is CVE-2002-0941?
CVE-2002-0941 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0941?
Check the references section above for vendor advisories and patch information. Affected products include: Ncipher Nforce, Ncipher Nshield.