nCipher PKCS#11 Implementation Access Control Vulnerability

info
discussion
exploit
solution
references

nCipher PKCS#11 Implementation Access Control Vulnerability

A vulnerability has been reported in the nCipher implementation of PKCS#11. Under certain circumstances, it is possible for plaintext keys to be exported from affected devices and components. This is due to a flaw in the access control component of the nCipher PKCS#11 library.