Vulnerability Description
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncipher | Chil | All versions |
| Ncipher | Mscapi Csp | 5.50 |
| Ncipher | Ncipher Software Cd | All versions |
References
- http://secunia.com/advisories/19137 (Patch, Vendor Advisory)
- http://securitytracker.com/id?1015719 (Patch, Vendor Advisory)
- http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_ke (Patch, Vendor Advisory)
- http://www.securityfocus.com/archive/1/427146/100/0/threaded
- http://www.securityfocus.com/bid/17006 (Patch)
- http://www.vupen.com/english/advisories/2006/0862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25060
FAQ
What is CVE-2006-1115?
CVE-2006-1115 is a vulnerability with a CVSS score of 2.6 (LOW). nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack t...
How severe is CVE-2006-1115?
CVE-2006-1115 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1115?
Check the references section above for vendor advisories and patch information. Affected products include: Ncipher Chil, Ncipher Mscapi Csp, Ncipher Ncipher Software Cd.