Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2004-0063 | First vendor Publication | 2004-02-17 |
Vendor | Cve | Last vendor Modification | 2017-10-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0063
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 3 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3537 | nCipher payShield SPP Library Bad Request Verification: payShield's SPP library contains a flaw that may allow a remote attacker to get approval for an invalid PIN. The issue is due to the SPP library returning a Status_OK response regardless of what the original status code was. If an attacker has sole access to the payShield application, they could flood it with invalid requests and eventually get an "OK" response. |
Alert History
Date | Information |
---|---|
2021-05-04 12:02:15 | |
2021-04-22 01:02:24 | |
2020-05-23 00:15:41 | |
2017-10-10 09:23:26 | |
2016-10-18 12:01:17 | |
2016-06-28 15:04:42 | |
2013-05-11 11:39:45 | |