Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: nCipher Support (supportncipher.com)
Date: Mon Jun 17 2002 - 10:27:46 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

                 nCipher[TM] Security Advisory No. 4
    Console Java applications can leak passphrases on Windows


    In certain circumstances, Java[TM] applications using the standard
    nCipher ConsoleCallBack class on Windows NT/2000 can be made to leak
    smart card passphrases to the current user's shell.

    One version of the nCipher command line utility `TrustedCodeTool',
    as supplied to CodeSafe[TM] customers, is also affected by this problem.


    1. Smart cards and passphrases

    The master secrets for a Security World are protected by the Administrator
    Card Set; application keys can be protected either by the master secrets
    (`module protection'), or by further smart cards known as Operator
    Card Sets.

    Each card can be further protected by a passphrase, which must be
    provided before the secret share on the card can be read. In such cases,
    the authorization becomes two-factor: `something you have' plus `something
    you know'.

    2. kmjava and the ConsoleCallBack

    nCipher's suite of development kits under the CipherTools[TM] and CodeSafe
    brand names include Java support. In particular, the `kmjava' component
    provides a Java interface to the Security World, and is further used by
    the nCipher JCE CSP and CodeSafe/J.

    Java programs using the Security World are required to provide a
    callback object which is responsible for interacting with the user
    during operations which require the loading of a set of smart cards.
    kmjava includes the class `com.ncipher.km.nfkm.ConsoleCallBack' which
    performs such interactions, and example code demonstrating its use.


    1. Cause

    One of the functions performed by the ConsoleCallBack is the reading of
    a passphrase from the user, when the user wishes to load a smart card
    which is protected by a passphrase.

    The mechanism employed to read this passphrase turns out to be
    incompatible with version 1.4.0 of the Java Runtime Environment on Windows
    platforms. A passphrase prompt appears as expected, but the calling
    program does not resume after the user has entered their passphrase.
    If the user subsequently assumes the application has hung and presses
    Control-C in an attempt to kill it, their command shell receives the
    user's passphrase as if they had typed it there.

    2. Impact

    A site running Java software on Windows which makes use of the
    ConsoleCallBack will find it ceases to work and potentially leaks
    passphrases, in the manner described above, if they upgrade from a
    previous version of the Java 2 Platform to v1.4.0.

    If the user's command shell supports history tracking, the history file
    will also contain the entered passphrase if it has been leaked in the
    manner described.

    Note that this issue only affects the host the ConsoleCallBack is running
    on, and not the HSM. The security of the HSM is unaffected. However,
    an attacker who is able to gain control of sufficient smart cards having
    observed their passphrases could gain unauthorized access to application
    keys, especially if the smart cards in question form an Administrator
    Card Set.

    3. Who May Be Affected

    This problem affects users:

    * that are using nForce or nShield modules, and

    * running software which makes use of the ConsoleCallBack, and

    * running under version 1.4.0 of the Java Runtime Environment on the
    Windows operating system, and

    * only in circumstances where this software requires to read passphrases
    from the console in order to load a cardset.

    This includes users of the Java version of nCipher's `TrustedCodeTool', as
    supplied to many CodeSafe customers and end-users.

    This problem does not affect KeySafe, nor the original Trusted Code Tool
    (`trustedcodetool.exe', as supplied to some early CodeSafe customers)
    nor its latest revision (`tct2.exe', currently under limited release).

    4. How To Tell If You Are Affected

    It is usually possible to determine the installed version(s) of the Java
    Runtime Environment by consulting the `Add/Remove Programs' Control
    Panel. At the time of writing, the only known affected versions are
    `1.4.0' and `1.4.0_01'; earlier versions are *not* affected.

    Be aware that it is possible to install multiple versions of the JRE
    on a system, and that certain applications may make use of different
    installed versions. If you are in any doubt as to which versions of the
    JRE are used by an application, please contact your application vendor.

    To determine if you have kmjava installed, examine your system
    for the presence of `c:\nfast\lib\versions\kmjava-atv.txt' (or
    `lib\versions\kmjava-atv.txt' within the install directory if you have
    installed the nCipher software to a non-default location). If this file
    is present, so is kmjava; otherwise, you are not affected.

    If the smart cards to be read by the application are not protected by
    passphrases, you are not affected.

    5. Vendor-specific notes

    * nCipher

    The java version of the `TrustedCodeTool', as supplied to many CodeSafe
    customers and end-users, is affected by this issue. If you have an early
    version of CodeSafe which included `trustedcodetool.exe', or a very
    recent version which contains `tct2.exe', you are *not* affected.

    A software update is in development and will be made available via
    nCipher Support in due course.

    * Others

    To determine whether a third-party application makes use of the
    ConsoleCallBack, please contact the application vendor. (As a general
    rule, if an application never requires to load smart cards, or is
    completely GUI-based, it is unlikely to be affected. Certain applications
    do not support the use of passphrases on smart cards, and are similarly
    not affected.)


    1. Users who are NOT running an affected version of the JRE

    We advise users to not upgrade their installation of the Java Runtime
    Environment to version 1.4.0 until revised versions of kmjava and
    supporting components are available, or if advised by their application
    vendor(s) that it is safe to do so.

    2. Users who ARE running an affected version of the JRE

    We advise users who are running a potentially affected application on
    an affected version of the JRE to revert to an earlier version of the
    JRE if their application supports it.

    If the application and site security policy allow, it may be reasonable
    to remove passphrase protection from the smart cards to be loaded.
    Otherwise, please contact the application vendor for advice.

    3. CodeSafe users

    We advise users of the nCipher Java `TrustedCodeTool' not to operate it
    with JRE version 1.4.0 if the cardset(s) to be loaded are protected by
    passphrases. (It remains supported under JRE versions 1.2.x and 1.3.x.)

    It is safe to use the TCT if the smart cards to be loaded are not
    passphrase protected, or if the passphrase protection is removed (provided
    your site security policy allows this).

    A software update is in development and will be made available via
    nCipher Support in due course.

    4. Users who have inadvertently leaked smart card passphrases

    We recommend users change any leaked passphrase(s) at once. Please
    refer to the section entitled `Changing a pass phrase' in the nForce
    or nShield User Guide, and any documentation to this effect provided by
    your application vendor, if applicable.

    We further advise users to determine how many passphrases have been
    leaked and consider whether this may have compromised the security of
    their keys and the impact this may have on their security assumptions.


    It is generally good practice to employ multiple-factor authorization in
    security systems.

    A passphrase-protected smart card combines the requirement for "something
    you have" with "something you know", provided the passphrase is difficult
    to guess. (If written down, this becomes "two things you have".)

    The Security World concept does not mandate the use of passphrases; we
    recommend that Security Officers formulate an appropriate authorization
    policy based on the individual circumstances of their site.


    You can obtain copies of this advisory, patch kits (when available)
    for all nCipher supported platforms, and supporting documentation,
    from the nCipher updates site:


    Further information

    General information about nCipher products:

    nCipher Developer's Guide and nCipher Developer's Reference

    nCipher Support

    nCipher customers who require support or further information regarding
    this problem should contact supportncipher.com.

    (c) nCipher Corporation Ltd. 2002

     All trademarks acknowledged. Java and all Java-based marks are
     trademarks or registered trademarks of Sun Microsystems, Inc. in the
     U.S. and other countries.

    $Id: advisory4.txt,v 1.6 2002/06/14 14:30:46 ryounger Exp $