<<< Date Index >>>     <<< Thread Index >>>

nCipher Advisory #10: Pass phrases are exposed in netHSM log files



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                nCipher Security Advisory No. 10
           Pass phrases are exposed in netHSM log files
           --------------------------------------------

SUMMARY
=======

Pass phrases entered by means of the nCipher netHSM front panel,
either using the built in thumbwheel or using a directly attached
keyboard, are exposed in the netHSM system log.  Under certain
circumstances this information is also available to the remote
filesystem machine.

This issue is fixed in the latest netHSM firmware release.

ISSUE DESCRIPTION
=================

1. Problem
- ----------

The netHSM front-panel software, which accepts pass phrases by means
of the netHSM front panel user interface, does not hide pass phrases
in its debugging output.

This debugging output was enabled in the shipped version of the netHSM
front-panel software.

On the netHSM these diagnostics are sent to the system log.  The
system log is always viewable on the netHSM front panel, and may also
be appended to the remote filesystem log if this has been configured.

Any smart card pass phrase input by means of the netHSM front panel
*will* therefore be written to the netHSM system log, and *may* also
be appended to the remote filesystem log.

2. Impact
- ---------

Anyone who is able to read a netHSM's log is able to determine all
pass phrases that have been entered by means of the netHSM front
panel.  A person with unauthorised access to an Administrator or
Operator Card from a netHSM's Security World may therefore be able to
use the card even though it is protected by a pass phrase.

2.1 Mitigating Factors

Having access to a pass phrase alone is not sufficient to mount a
successful attack on a netHSM.

nCipher's Security World architecture ensures that an attacker
requires access to a number of separate physical entities, in addition
to secrets such as pass phrases, before system compromise is possible.

The pass phrase associated with a physical smart card is therefore
only one of a number of secrets that an attacker requires.  The pass
phrases do not directly protect secret customer data.

An attacker requires physical access to a quorum of the Operator or
Administrator Cards (for which they have deduced pass phrases), access
to the host data (the `kmdata' directories), and also access to the
netHSM (to insert smart cards and type pass phrases) before system
compromise is possible.

The default netHSM configuration does not append to the remote
filesystem log, and from revision 2.1 of the netHSM the front panel
can be locked when not in use.

3. Who Is *Not* Affected
- ------------------------

Administrator and Operator Cards that have never been presented to a
netHSM are unaffected.  Cards that have been presented remotely, where
the netHSM has been used as an imported module, are not affected.

Administrator and Operator Cards that do not have pass phrases are
unaffected.

Cards where the pass phase has never been entered by means of the
netHSM front panel are not affected.

If you do not rely on the security of your pass phrases then the
security of your system is not affected.

4. Who May Be Affected
- ----------------------

Any Administrator or Operator Card that has been presented to a netHSM
will, if its pass phrase was entered by means of the front panel, have
had that pass phrase written to a log.

Anyone with access to the netHSM front panel can read all pass phrases
that have been entered by means of the front panel since the netHSM
was last booted.

If your netHSM is also configured to append its log to the remote
filesystem machine's log then anyone with read access to that file on
the remote filesystem machine, or backup copies of that file, will be
able to read any pass phrase that was entered by means of the front
panel.

5. How To Tell If You Are Affected
- ----------------------------------

If you have the remote filesystem logs for each netHSM, it is possible
to see whether any pass phrases have been written to these logs.

To check whether a netHSM is configured to append the system log to
the remote filesystem log, check the following menu on the netHSM
front panel:

MENU --> System --> System Configuration --> Log configuration

If set to "Append", the netHSM will append to the remote filesystem
log.  If set to "Log", the netHSM will only write to its internal
volatile system log.

Examination of the log of an affected netHSM will reveal debug like
the following:

May 22 02:30:37 nethsm cosmod-invoke: Sending Confirm: m#1 s#0 r#100 f0x1
May 22 02:30:37 nethsm cosmod-invoke:                  pp=mynewpassword

after an operation that requires entering of a pass phrase.

If you see the 'Sending Confirm: ' message then you *are* affected.

Note that the system log viewed on the netHSM front panel only
contains those messages logged since the netHSM was last booted.

REMEDY
======

1. Recommended course of action
- -------------------------------

All customers should upgrade their netHSMs to the latest firmware
version immediately.  This firmware will upgrade users of netHSM
release 2 and netHSM release 2.1 to an updated release 2.1 image that
will *not* be downgradable to a previous version.  The updated
firmware no longer writes pass phrases to any log.

If you are currently using release 2 and are unsure whether release
2.1 is suitable for your needs then please contact nCipher Support.
If you would like to test the compatibility of the release 2.1
firmware in your environment, while retaining the ability to revert to
release 2, nCipher recommends you test with the original release 2.1
firmware first.

Once you have upgraded your netHSM firmware image, nCipher also
recommends that you change all pass phrases on affected cards.  If you
do not do this, nCipher recommends you securely erase all copies of
netHSM log files that might be available on your remote filesystem
(and its backups, if available).

2. Work-around
- --------------

There is currently no way of completely turning off logging from the
netHSM front-panel.

nCipher suggest you disable the 'Append to remote filesystem log'
option from the netHSM front panel. To do this, select the following
screen:

MENU --> System --> System Configuration --> Log configuration

and set the option to 'Log' rather than 'Append'.  This will stop the
pass phrases appearing in the log on the remote filesystem.

The only way to clear the netHSM's log is to reboot the netHSM.
nCipher therefore recommends that, until you have installed a fixed
netHSM firmware version, you reboot after any operation requiring pass
phrase entry by means of the front panel.

Unless your netHSM's client systems are exceptionally secure, nCipher
still recommends using the front panel for smart card operations, even
if they require pass phrase entry. The security advantages of using
the front-panel (which includes disabling the network during
Administrator Card operations) are considered to outweigh the impact
of this bug. As outlined above, however, nCipher recommends rebooting
your netHSM after each operation requiring pass phrase entry by means
of the front panel.

3. Upgrade instructions
- -----------------------

The firmware release contains two files: this advisory, and the netHSM
firmware image, with the following file name:

/nethsm-firmware/2.1.12cam5/nCx3N.nff

To upgrade you should copy the contents of the 'nethsm-firmware'
directory in the firmware release into your remote filesystem's
'nethsm-firmware' directory, to recreate the directory structure
above.

Then, from the front panel of the netHSM, select the following screen:

MENU --> System --> Upgrade system

and follow the prompts, selecting 2.1.12cam5 as the version to use. If
that version is not listed, check that the firmware file was
successfully copied to your remote filesystem.

See Appendix A in the netHSM/payShield net Administrator Guide
('Upgrading the internal software'), for more details on the firmware
upgrade procedure.

STATUS OF THIS ADVISORY, AND RELEASE SCHEDULE
=============================================

This advisory is being released exclusively to affected nCipher
customers in the first instance, so that remedial and preventative
action can be taken before information pertaining to the vulnerability
is generally available.  This period of limited private disclosure
will last for two weeks.

If you receive this advisory during the period of limited disclosure
please treat this advisory as confidential.

In order to ensure that any remaining customers are informed, nCipher
intends to submit this advisory to the bugtraq and
security-announce@xxxxxxxxxxx mailing lists on 21st June 2004.  At
this time the advisory will also be published on the nCipher web site.

A new release of the netHSM firmware is available immediately.
nCipher will supply this updated release with all future shipments of
netHSMs.

The updated netHSM firmware does not affect FIPS validation.

SOFTWARE DISTRIBUTION AND REFERENCES
====================================

You can obtain copies of this advisory, and supporting documentation,
from the nCipher updates site:

    http://www.ncipher.com/support/advisories/

Due to export control regulations, nCipher is unable to make software
updates available on this web site.

Please contact nCipher Support to be informed when updated software is
available, and to obtain updated software.

NCIPHER SUPPORT
===============

nCipher customers who require updated software, support or further
information regarding this problem should contact support@xxxxxxxxxxxx

nCipher Support can also be reached by telephone:

    Customers in the USA or Canada:   +1 781 994 4008
    Customers in all other countries: +44 1223 723666

Customers in all other countries outside of the USA and Canada can
call the USA number in the event that they receive the advisory
outside of UK support hours (09:00 - 17:30).

Further Information
===================

General information about nCipher products:
    http://www.ncipher.com/

nCipher Documentation set:
    http://www.ncipher.com/documentation.html

If you would like to receive future security advisories from nCipher,
please subscribe to the low volume nCipher security-announce mailing
list.  To do this, send a mail with the single word `subscribe' in the
message body to: security-announce-request@xxxxxxxxxxxx

(c) nCipher Corporation Ltd.  2004

    All trademarks acknowledged.  nCipher and payShield are trade
    marks of nCipher Corporation Limited.

$Id: advisory-pp-in-nhlogfile.txt,v 1.20 2004/06/04 10:24:10 james Exp $
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQMRDOe/+6Nq6MPYJAQJZxQf+Mdfjm6lpYs0SnXurQs0P9Ss/TTqQPv+9
YKrCOSEudEQ3jcZB8iQNkyu2YK8uzFu6XrY/4OGf1Hs5nnAt9WPUqVPNYOkWXy/Y
6gOrG4+7e4dgZvcHI1eYXJFCO2fNLVvwCCzDejmSFTY4zQinKFNjnv77pjfRf5J/
aMutlva+tpIUhIIQZsVc9F8F3vZ7YJRl7Dk+AiOlwAUDdojc1A240xrno59Ut5ED
yjB786YJtNP4ThpH0Ub3maOB5x+0cwWAjdluVt+kt9C+HjoWfNw2cO9F8NVpRnB2
x0cQj/I7mvoVuaOCHSyQ3QHone7XgqUWhdl59YjGgyx/UkQN7iuzFQ==
=QsOW
-----END PGP SIGNATURE-----