The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
Score: 0.0
Priority: Unclassified
Score: 0.00392
Percentile:
0.594
CVSS v2 Score: 5.0
Severity: