From technotifications@us.ncipher.com Mon Jun 28 13:13:26 2004 From: nCipher Support Resent-From: nCipher Support To: bugtraq@securityfocus.com Resent-To: bugtraq@securityfocus.com Date: Mon, 21 Jun 2004 16:18:44 +0100 Subject: nCipher Advisory #10: Pass phrases are exposed in netHSM log files -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 nCipher Security Advisory No. 10 Pass phrases are exposed in netHSM log files -------------------------------------------- SUMMARY ======= Pass phrases entered by means of the nCipher netHSM front panel, either using the built in thumbwheel or using a directly attached keyboard, are exposed in the netHSM system log. Under certain circumstances this information is also available to the remote filesystem machine. This issue is fixed in the latest netHSM firmware release. ISSUE DESCRIPTION ================= 1. Problem - ---------- The netHSM front-panel software, which accepts pass phrases by means of the netHSM front panel user interface, does not hide pass phrases in its debugging output. This debugging output was enabled in the shipped version of the netHSM front-panel software. On the netHSM these diagnostics are sent to the system log. The system log is always viewable on the netHSM front panel, and may also be appended to the remote filesystem log if this has been configured. Any smart card pass phrase input by means of the netHSM front panel *will* therefore be written to the netHSM system log, and *may* also be appended to the remote filesystem log. 2. Impact - --------- Anyone who is able to read a netHSM's log is able to determine all pass phrases that have been entered by means of the netHSM front panel. A person with unauthorised access to an Administrator or Operator Card from a netHSM's Security World may therefore be able to use the card even though it is protected by a pass phrase. 2.1 Mitigating Factors Having access to a pass phrase alone is not sufficient to mount a successful attack on a netHSM. nCipher's Security World architecture ensures that an attacker requires access to a number of separate physical entities, in addition to secrets such as pass phrases, before system compromise is possible. The pass phrase associated with a physical smart card is therefore only one of a number of secrets that an attacker requires. The pass phrases do not directly protect secret customer data. An attacker requires physical access to a quorum of the Operator or Administrator Cards (for which they have deduced pass phrases), access to the host data (the `kmdata' directories), and also access to the netHSM (to insert smart cards and type pass phrases) before system compromise is possible. The default netHSM configuration does not append to the remote filesystem log, and from revision 2.1 of the netHSM the front panel can be locked when not in use. 3. Who Is *Not* Affected - ------------------------ Administrator and Operator Cards that have never been presented to a netHSM are unaffected. Cards that have been presented remotely, where the netHSM has been used as an imported module, are not affected. Administrator and Operator Cards that do not have pass phrases are unaffected. Cards where the pass phase has never been entered by means of the netHSM front panel are not affected. If you do not rely on the security of your pass phrases then the security of your system is not affected. 4. Who May Be Affected - ---------------------- Any Administrator or Operator Card that has been presented to a netHSM will, if its pass phrase was entered by means of the front panel, have had that pass phrase written to a log. Anyone with access to the netHSM front panel can read all pass phrases that have been entered by means of the front panel since the netHSM was last booted. If your netHSM is also configured to append its log to the remote filesystem machine's log then anyone with read access to that file on the remote filesystem machine, or backup copies of that file, will be able to read any pass phrase that was entered by means of the front panel. 5. How To Tell If You Are Affected - ---------------------------------- If you have the remote filesystem logs for each netHSM, it is possible to see whether any pass phrases have been written to these logs. To check whether a netHSM is configured to append the system log to the remote filesystem log, check the following menu on the netHSM front panel: MENU --> System --> System Configuration --> Log configuration If set to "Append", the netHSM will append to the remote filesystem log. If set to "Log", the netHSM will only write to its internal volatile system log. Examination of the log of an affected netHSM will reveal debug like the following: May 22 02:30:37 nethsm cosmod-invoke: Sending Confirm: m#1 s#0 r#100 f0x1 May 22 02:30:37 nethsm cosmod-invoke: pp=mynewpassword after an operation that requires entering of a pass phrase. If you see the 'Sending Confirm: ' message then you *are* affected. Note that the system log viewed on the netHSM front panel only contains those messages logged since the netHSM was last booted. REMEDY ====== 1. Recommended course of action - ------------------------------- All customers should upgrade their netHSMs to the latest firmware version immediately. This firmware will upgrade users of netHSM release 2 and netHSM release 2.1 to an updated release 2.1 image that will *not* be downgradable to a previous version. The updated firmware no longer writes pass phrases to any log. If you are currently using release 2 and are unsure whether release 2.1 is suitable for your needs then please contact nCipher Support. If you would like to test the compatibility of the release 2.1 firmware in your environment, while retaining the ability to revert to release 2, nCipher recommends you test with the original release 2.1 firmware first. Once you have upgraded your netHSM firmware image, nCipher also recommends that you change all pass phrases on affected cards. If you do not do this, nCipher recommends you securely erase all copies of netHSM log files that might be available on your remote filesystem (and its backups, if available). 2. Work-around - -------------- There is currently no way of completely turning off logging from the netHSM front-panel. nCipher suggest you disable the 'Append to remote filesystem log' option from the netHSM front panel. To do this, select the following screen: MENU --> System --> System Configuration --> Log configuration and set the option to 'Log' rather than 'Append'. This will stop the pass phrases appearing in the log on the remote filesystem. The only way to clear the netHSM's log is to reboot the netHSM. nCipher therefore recommends that, until you have installed a fixed netHSM firmware version, you reboot after any operation requiring pass phrase entry by means of the front panel. Unless your netHSM's client systems are exceptionally secure, nCipher still recommends using the front panel for smart card operations, even if they require pass phrase entry. The security advantages of using the front-panel (which includes disabling the network during Administrator Card operations) are considered to outweigh the impact of this bug. As outlined above, however, nCipher recommends rebooting your netHSM after each operation requiring pass phrase entry by means of the front panel. 3. Upgrade instructions - ----------------------- The firmware release contains two files: this advisory, and the netHSM firmware image, with the following file name: /nethsm-firmware/2.1.12cam5/nCx3N.nff To upgrade you should copy the contents of the 'nethsm-firmware' directory in the firmware release into your remote filesystem's 'nethsm-firmware' directory, to recreate the directory structure above. Then, from the front panel of the netHSM, select the following screen: MENU --> System --> Upgrade system and follow the prompts, selecting 2.1.12cam5 as the version to use. If that version is not listed, check that the firmware file was successfully copied to your remote filesystem. See Appendix A in the netHSM/payShield net Administrator Guide ('Upgrading the internal software'), for more details on the firmware upgrade procedure. STATUS OF THIS ADVISORY, AND RELEASE SCHEDULE ============================================= This advisory is being released exclusively to affected nCipher customers in the first instance, so that remedial and preventative action can be taken before information pertaining to the vulnerability is generally available. This period of limited private disclosure will last for two weeks. If you receive this advisory during the period of limited disclosure please treat this advisory as confidential. In order to ensure that any remaining customers are informed, nCipher intends to submit this advisory to the bugtraq and security-announce@nCipher.com mailing lists on 21st June 2004. At this time the advisory will also be published on the nCipher web site. A new release of the netHSM firmware is available immediately. nCipher will supply this updated release with all future shipments of netHSMs. The updated netHSM firmware does not affect FIPS validation. SOFTWARE DISTRIBUTION AND REFERENCES ==================================== You can obtain copies of this advisory, and supporting documentation, from the nCipher updates site: http://www.ncipher.com/support/advisories/ Due to export control regulations, nCipher is unable to make software updates available on this web site. Please contact nCipher Support to be informed when updated software is available, and to obtain updated software. NCIPHER SUPPORT =============== nCipher customers who require updated software, support or further information regarding this problem should contact support@ncipher.com. nCipher Support can also be reached by telephone: Customers in the USA or Canada: +1 781 994 4008 Customers in all other countries: +44 1223 723666 Customers in all other countries outside of the USA and Canada can call the USA number in the event that they receive the advisory outside of UK support hours (09:00 - 17:30). Further Information =================== General information about nCipher products: http://www.ncipher.com/ nCipher Documentation set: http://www.ncipher.com/documentation.html If you would like to receive future security advisories from nCipher, please subscribe to the low volume nCipher security-announce mailing list. To do this, send a mail with the single word `subscribe' in the message body to: security-announce-request@ncipher.com. (c) nCipher Corporation Ltd. 2004 All trademarks acknowledged. nCipher and payShield are trade marks of nCipher Corporation Limited. $Id: advisory-pp-in-nhlogfile.txt,v 1.20 2004/06/04 10:24:10 james Exp $ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iQEVAwUBQMRDOe/+6Nq6MPYJAQJZxQf+Mdfjm6lpYs0SnXurQs0P9Ss/TTqQPv+9 YKrCOSEudEQ3jcZB8iQNkyu2YK8uzFu6XrY/4OGf1Hs5nnAt9WPUqVPNYOkWXy/Y 6gOrG4+7e4dgZvcHI1eYXJFCO2fNLVvwCCzDejmSFTY4zQinKFNjnv77pjfRf5J/ aMutlva+tpIUhIIQZsVc9F8F3vZ7YJRl7Dk+AiOlwAUDdojc1A240xrno59Ut5ED yjB786YJtNP4ThpH0Ub3maOB5x+0cwWAjdluVt+kt9C+HjoWfNw2cO9F8NVpRnB2 x0cQj/I7mvoVuaOCHSyQ3QHone7XgqUWhdl59YjGgyx/UkQN7iuzFQ== =QsOW -----END PGP SIGNATURE-----