The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation14 reference(s) from NVD