Title: nCipher Insecure CBC-MAC API Vulnerability
Severity: HIGH
Description:
nCipher products utilize strong cryptography to protect sensitive data and communications.
Certain nCipher products are susceptible to an insecure CBC-MAC (Cipher Block Chaining-Message Authentication Code) API vulnerability. This issue is due to a flaw in the API that allows users to supply insecure CBC-MAC IVs (Initialization Vectors).
CBC-MAC is an algorithm used to ensure that the contents of data have not been altered and that the data was sent by a known source. It does this by exclusive-ORing an IV with the first block of input data and encrypting the result with a secret key. The resulting ciphertext is then used as the IV for the next block of data, chaining the blocks together.
The receiver of the data utilizes the shared encryption key, and the same IV as the sender to verify that the message has not been altered, and that it has originated from a known source.
For secure usage of CBC-MAC, a fixed IV (zero by convention) should be used, and it should not be included in the transmitted packets.
The affected nCore API allows application writers to choose an arbitrary IV for the algorithm, and transmits it as a part of the protocol. The receiver does not know the IV in advance, allowing attackers to modify in-transit packets in a man-in-the-middle fashion, while still passing the validity checks that the receiver will employ.
This issue allows remote attackers to modify data that is protected by the affected CBC-MAC protocol. This allows attackers to perform man-in-the-middle attacks against software that utilizes the affected insecure APIs. Other attacks may also be possible.
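The following is an added illustration, not nCipher's code, of why a transmitted, caller-chosen IV breaks CBC-MAC: the first encryption sees only iv XOR m[0], so a change to the first block can be cancelled by the same change to the IV and the tag still verifies, whereas a receiver that fixes the IV to zero and ignores anything in the packet detects the change. The block cipher is replaced by a keyed PRF stand-in so the example runs with the standard library only, and the key, message and function names are constructed for this example.

```python
import hmac
import hashlib

BLOCK = 16  # block size in bytes

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher (assumption: a keyed PRF truncated to one
    # block, so the example runs offline). The IV property shown below does
    # not depend on which block cipher is used.
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cbc_mac(key: bytes, iv: bytes, msg: bytes) -> bytes:
    # Classic CBC-MAC: XOR each block into the running state, encrypt, chain.
    assert len(msg) % BLOCK == 0 and len(iv) == BLOCK
    state = iv
    for i in range(0, len(msg), BLOCK):
        state = block_encrypt(key, xor(state, msg[i:i + BLOCK]))
    return state

def verify_with_transmitted_iv(key: bytes, iv: bytes, msg: bytes, tag: bytes) -> bool:
    # Vulnerable API shape: the receiver takes the IV from the packet.
    return hmac.compare_digest(cbc_mac(key, iv, msg), tag)

def verify_with_fixed_iv(key: bytes, msg: bytes, tag: bytes) -> bool:
    # Secure API shape: IV fixed to zero on both sides and never transmitted.
    return hmac.compare_digest(cbc_mac(key, bytes(BLOCK), msg), tag)

def first_block_unbound_with_transmitted_iv(key: bytes, iv: bytes, msg: bytes) -> bool:
    # True if altering the first block and the IV by the same delta leaves
    # the original tag valid, i.e. the MAC does not bind the first block.
    tag = cbc_mac(key, iv, msg)
    delta = bytes([0x01]) + bytes(BLOCK - 1)      # constructed one-bit change
    altered = xor(msg[:BLOCK], delta) + msg[BLOCK:]
    return verify_with_transmitted_iv(key, xor(iv, delta), altered, tag)

def fixed_iv_detects_change(key: bytes, msg: bytes) -> bool:
    # With a fixed zero IV the receiver ignores any IV in the packet, so the
    # same first-block change is rejected.
    tag = cbc_mac(key, bytes(BLOCK), msg)
    delta = bytes([0x01]) + bytes(BLOCK - 1)
    altered = xor(msg[:BLOCK], delta) + msg[BLOCK:]
    return not verify_with_fixed_iv(key, altered, tag)
```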
Affected Products:
- nCipher nCipher Software CD
- nCipher nCore
