CVE-2006-1115 - Vulnerability Details - OpenCVE

nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ncipher	Chil Mscapi Csp Ncipher Software Cd

Configuration 1 [-]

OR	cpe:2.3:a:ncipher:chil::::::::
	cpe:2.3:a:ncipher:mscapi_csp:5.50:::::::*
	cpe:2.3:a:ncipher:mscapi_csp:5.54:::::::*
	cpe:2.3:a:ncipher:ncipher_software_cd::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/19137
http://securitytracker.com/id?1015719
http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys
http://www.securityfocus.com/archive/1/427146/100/0/threaded
http://www.securityfocus.com/bid/17006
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25060

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-09T11:00:00

Updated: 2024-08-07T16:56:15.715Z

Reserved: 2006-03-09T00:00:00

Link: CVE-2006-1115

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-09T13:06:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-1115

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0862", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "1015719", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015719"}, {"name": "20060308 nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427146/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"}, {"name": "17006", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17006"}, {"name": "19137", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19137"}, {"name": "ncipher-hsm-weak-key(25060)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1115", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "1015719", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015719"}, {"name": "20060308 nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427146/100/0/threaded"}, {"name": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys", "refsource": "CONFIRM", "url": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"}, {"name": "17006", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17006"}, {"name": "19137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19137"}, {"name": "ncipher-hsm-weak-key(25060)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:56:15.715Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-0862", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "1015719", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015719"}, {"name": "20060308 nCipher Advisory #12: Insecure Generation of Diffie-Hellman keys", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/427146/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"}, {"name": "17006", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17006"}, {"name": "19137", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19137"}, {"name": "ncipher-hsm-weak-key(25060)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1115", "datePublished": "2006-03-09T11:00:00", "dateReserved": "2006-03-09T00:00:00", "dateUpdated": "2024-08-07T16:56:15.715Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ncipher:chil:*:*:*:*:*:*:*:*", "matchCriteriaId": "B685201F-1FFE-4D33-89F1-DA204B1B788D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:mscapi_csp:5.50:*:*:*:*:*:*:*", "matchCriteriaId": "A57D5F39-2B2F-4CB5-94AC-4D2CE4437104", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:mscapi_csp:5.54:*:*:*:*:*:*:*", "matchCriteriaId": "7CE0D7EA-B2E0-4E49-B226-16D91DE67426", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:ncipher_software_cd:*:*:*:*:*:*:*:*", "matchCriteriaId": "243E6982-7B0B-43AB-B6B1-E75848FD5AC5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack."}], "id": "CVE-2006-1115", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-09T13:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19137"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1015719"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427146/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17006"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1015719"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ncipher.com/resources/95/sa12_insecure_generation_of_diffiehellman_keys"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427146/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17006"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25060"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}