VULHUB ™

It is reported that nCipher's netHSM improperly logs passphrases entered via the netHSM front panel. Passphrases are improperly logged when entered on the front panel of the netHSM device, either through the built-in thumbwheel or a directly attached keyboard. Under certain configurations, these passphrases are also sent to a remote filesystem. If an attacker has access to the passphrases, it may aid them in further attacks. Exploitation of the netHSM infrastructure requires physical access to a hardware smartcard, the netHSM device, an acquired passphrase, and access to host data. If the passphrase is reused in a different context, an attacker may be able to launch further attacks. A firmware upgrade is available resolving this issue.

It is reported that nCipher's netHSM improperly logs passphrases entered via the netHSM front panel. Passphrases are improperly logged when entered on the front panel of the netHSM device, either through the built-in thumbwheel or a directly attached keyboard. Under certain configurations, these passphrases are also sent to a remote filesystem. If an attacker has access to the passphrases, it may aid them in further attacks. Exploitation of the netHSM infrastructure requires physical access to a hardware smartcard, the netHSM device, an acquired passphrase, and access to host data. If the passphrase is reused in a different context, an attacker may be able to launch further attacks. A firmware upgrade is available resolving this issue.