CVE-2003-1417

high

Description

nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/11422

http://www.securityfocus.com/bid/6927

http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html

http://marc.info/?l=bugtraq&m=104619088801750&w=2

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00063