Title: nCipher MSCAPI CSP Install Wizard Incorrect Key Generation Vulnerability
Severity: LOW
Description:
nCipher produces a range of hardware and software security products. An issue has been reported in version 5.50 of the install wizard for the MSCAPI CSP key generator under Windows 2000.
The nCipher key management model allows application keys to be provided based on two requirements. A key may be provided to any nCipher module appropriately programmed with a user's Administrator Cards. Additionally, keys may be protected by additional Operator cards.
Under some circumstances, a key generated that should be protected by an Operator card will in fact be generated as only module protected. This may result in weaker security than anticipated, and under some deployments reduce or break the security model.
This occurs due to a flaw in the installation process. As an installation option, a user may specify if generated keys are to be module protected, or protected by an additional Operator Card Set.
If cardset protection is selected and a new Operator Card Set is not then created by the user, default key generation may be set to only module protection.
nCipher Support <support@nCipher.com> has provided details on how to determine if a given installation is vulnerable. They suggest running the command 'c:\nfast\bin\csputils.exe -d' from the command line, and examining key data to determine if incorrect protection levels have been set.
For a key with Operator Card Set protection:
Detailed report for container ID #cbfb7b11909b40ddc50da759d6029...
Filename: key_mscapi_container-cbfb7b11909b40ddc50da759d6...
Container name: expimptst
User name: NCIPHER\james
User SID: s-1-5-21-1594850079-719136693-34565100-1111
CSP DLL name: ncsp.dll
No signature key.
Filename for key exchange key is key_mscapi_expimptst-ncsp-ujam...
Key was generated by the CSP
Key hash: 92c60edf376c26e9ee76db3a2a70dd031636a218
Key is recoverable.
Key is cardset protected.
Cardset name: mscapi-grimsby
Sharing parameters: 1 of 1 shares required.
Cardset hash: 4eb80f966c13bd735cb50f29ef19e5e...
Cardset is persistent.
For a key with module protection:
Filename: key_mscapi_container-32a16394a3ffe52eb4db1127d8...
Container name: james
User name: NCIPHER\james
User SID: s-1-5-21-1594850079-719136693-34565100-1111
CSP DLL name: ncsp.dll
No signature key.
Filename for key exchange key is key_mscapi_6fa4c59efefb6c01db6...
Key was generated by the CSP
Key hash: 6fa4c59efefb6c01db6eca9f1eadbb17158fc2a8
Key is recoverable.
Key is module protected.
** It has been reported that a similar issue exists in the command line utility 'domesticinstall.exe' included with versions 5.50 and 5.54. This is related to the use of the command line argument '--nousemodulekeys'.
Affected Products:
- nCipher MSCAPI CSP 5.50.0
- nCipher MSCAPI CSP 5.54.0
References:
- nCipher: nCipher Homepage
- nCipher: nCipher Windows 2000 Security Advisory
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
