Cryptosense Software Finds Key-Disabling Bug in Thales HSM

Graham Steel
June 17, 2015

The latest firmware update (v11.72) for the Thales eSecurity-nCipher net HSM includes a fix for a security issue found by the Cryptosense PKCS#11 compliance tester.

While using our software to test one of our clients' HSMs, we discovered a bug that allowed an innocent-looking PKCS#11 command to set all the permission attributes on a private key to FALSE. Since these attributes include CKA_MODIFIABLE, this is a permanent change, and since CKA_EXTRACTABLE is set to false, the key can't be exported and copied. All the cryptographic usage flags such as CKA_SIGN and CKA_DECRYPT are also set to FALSE, rendering the key unusable for any operation.Since these devices are often used, for example, by Certification Authorities or in other similar signing applications where availability is critical, our clients considered this a serious issue, so we signalled it to Thales who included a fix in their most recent update. We'd recommend all Thales-nCipher HSM users to install the fix as soon as possible.

Over the next few weeks and months, we'll be featuring more highlights of the results from our compliance tester on the blog.