Search criteria
3 vulnerabilities found for payshield_spp_library by ncipher
CVE-2004-0063 (GCVE-0-2004-0063)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:01
VLAI?
Summary
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9422"
},
{
"name": "3537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3537"
},
{
"name": "20040114 nCipher Advisory #8: payShield library may verify bad requests",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"name": "payshield-incorrect-request-verification(14832)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9422"
},
{
"name": "3537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3537"
},
{
"name": "20040114 nCipher Advisory #8: payShield library may verify bad requests",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"name": "payshield-incorrect-request-verification(14832)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9422"
},
{
"name": "3537",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3537"
},
{
"name": "20040114 nCipher Advisory #8: payShield library may verify bad requests",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"name": "payshield-incorrect-request-verification(14832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"name": "http://www.ncipher.com/support/advisories/advisory8_payshield.html",
"refsource": "CONFIRM",
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0063",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-01-14T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0063 (GCVE-0-2004-0063)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 00:01
VLAI?
Summary
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.633Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9422"
},
{
"name": "3537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3537"
},
{
"name": "20040114 nCipher Advisory #8: payShield library may verify bad requests",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"name": "payshield-incorrect-request-verification(14832)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-13T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9422"
},
{
"name": "3537",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3537"
},
{
"name": "20040114 nCipher Advisory #8: payShield library may verify bad requests",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"name": "payshield-incorrect-request-verification(14832)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9422"
},
{
"name": "3537",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3537"
},
{
"name": "20040114 nCipher Advisory #8: payShield library may verify bad requests",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"name": "payshield-incorrect-request-verification(14832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"name": "http://www.ncipher.com/support/advisories/advisory8_payshield.html",
"refsource": "CONFIRM",
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0063",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-01-14T00:00:00",
"dateUpdated": "2024-08-08T00:01:23.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2004-0063
Vulnerability from fkie_nvd - Published: 2004-02-17 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ncipher | payshield_spp_library | 1.3.12 | |
| ncipher | payshield_spp_library | 1.5.18 | |
| ncipher | payshield_spp_library | 1.6.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ncipher:payshield_spp_library:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B09FF87A-E7A1-43D4-AAAB-1CEE32B55EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncipher:payshield_spp_library:1.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "092628C5-FFC4-4C9F-9267-FB6FF68B6491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ncipher:payshield_spp_library:1.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "6A12E833-A4AF-4417-87D5-6F3F44CE96A6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number."
},
{
"lang": "es",
"value": "La funci\u00f3n SPP_VerifyPW en la librer\u00eda nCipher payShield 1.3.12, 1.5.18 y 1.6.18 devuelve un valor Status_OK incluso si el HSM devuelve un c\u00f3digo de estado diferente, lo que podr\u00eda causar que aplicaciones hiciesen decisi\u00f3nes cr\u00edticas de seguridad de mandera incorrecta, por ejemplo aceptando un n\u00famero PIN no v\u00e1lido."
}
],
"id": "CVE-2004-0063",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-02-17T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3537"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/9422"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107411819503569\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.ncipher.com/support/advisories/advisory8_payshield.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/9422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14832"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}