CVE-2002-1446 : The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

Published 2002-08-01 04:00:00

Updated 2008-09-05 20:30:37

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2002-1446

Probability of exploitation activity in the next 30 days: 0.57%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2002-1446

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2002-1446

Products affected by CVE-2002-1446

Ncipher » Pkcs 11 Library » Version: 1.2.0
cpe:2.3:a:ncipher:pkcs_11_library:1.2.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2002-1446

Exploit prediction scoring system (EPSS) score for CVE-2002-1446

CVSS scores for CVE-2002-1446

References for CVE-2002-1446

Products affected by CVE-2002-1446