Back to search
CVE-2004-0063
Published: Sep 1, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
9422
vdb-entry
x_refsource_BID
3537
vdb-entry
x_refsource_OSVDB
20040114 nCipher Advisory #8: payShield library may verify bad requests
mailing-list
x_refsource_BUGTRAQ
payshield-incorrect-request-verification(14832)
vdb-entry
x_refsource_XF
http://www.ncipher.com/support/advisories/advisory8_payshield.html
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now