Back to search
CVE-2006-1116
Published: Mar 9, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060308 nCipher Advisory #13: CBC-MAC IV misleading programming interface
mailing-list
x_refsource_BUGTRAQ
ADV-2006-0862
vdb-entry
x_refsource_VUPEN
ncipher-ncore-bypass-security(25062)
vdb-entry
x_refsource_XF
17011
vdb-entry
x_refsource_BID
1015718
vdb-entry
x_refsource_SECTRACK
19137
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now