Cryptographic Issues in org.bouncycastle:bcprov-debug-jdk14
Cxa9261daf-3755
- org.bouncycastle:bcprov-debug-jdk14
- org.bouncycastle:bcprov-debug-jdk15on
- org.bouncycastle:bcprov-debug-jdk15to18
- org.bouncycastle:bcprov-ext-debug-jdk14
- org.bouncycastle:bcprov-ext-debug-jdk15on
- org.bouncycastle:bcprov-ext-debug-jdk15to18
- org.bouncycastle:bcprov-ext-jdk14
- org.bouncycastle:bcprov-ext-jdk15on
- org.bouncycastle.bcprov-ext-jdk15on.1.57.org.bouncycastle:bcprov-ext-jdk15on
- org.bouncycastle:bcprov-ext-jdk15to18
- org.bouncycastle:bcprov-jdk14
- org.bouncycastle:bcprov-jdk15on
- org.bouncycastle.bcprov-jdk15on.1.57.org.bouncycastle:bcprov-jdk15on
- org.bouncycastle:bcprov-jdk15to18
Summary
Bouncy Castle from 1.47 and before 1.69 contains a weak key-hash message authentication code (HMAC) that is only 16 bits long which can result in hash collisions. This is due to an error within the BKS version 1 keystore (BKS-V1) files and could lead to an attacker being able to affect the integrity of these files. This vulnerability was introduced following an incomplete fix for CVE-2018-5382.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-310 - Cryptographic Issues
Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.
Advisory Timeline
- Published
