CVE-2018-5382 in Bouncycastle and Red Hat Products
Published on April 16, 2018

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions

The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to one that uses a 160-bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons, a specific keystore type, "BKS-V1", was introduced in 1.49. The use of "BKS-V1" is discouraged by the library authors and should only be used where it is otherwise safe to do so, that is, where the use of a 16-bit checksum for the file integrity check is not going to cause a security issue in itself.
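To find keystores still in the legacy format, the file header can be triaged without the password. The following is an added example, not code from Bouncy Castle or from this advisory. It assumes the BKS header layout of a big-endian version integer, salt length, salt and iteration count, with versions 0 and 1 being the pre-1.47 ("BKS-V1") format and version 2 the current one; the function names and sample bytes are constructed for illustration.

```python
import struct

# Assumption: version numbers as read by Bouncy Castle's BKS loader.
LEGACY_VERSIONS = {0, 1}   # pre-1.47 format, also written by type "BKS-V1"
CURRENT_VERSION = 2        # format written by type "BKS" since 1.47
MAX_SALT = 64              # plausibility bound chosen for this example


def classify_bks(data: bytes) -> str:
    """Classify the leading bytes of a file as 'legacy', 'current' or 'not-bks'."""
    if len(data) < 8:
        return "not-bks"
    version, salt_len = struct.unpack(">ii", data[:8])
    if version not in LEGACY_VERSIONS and version != CURRENT_VERSION:
        return "not-bks"
    # A small version number alone is a weak signal, so also require a
    # plausible salt length and a positive iteration count after the salt.
    if not 0 < salt_len <= MAX_SALT or len(data) < 8 + salt_len + 4:
        return "not-bks"
    (iterations,) = struct.unpack(">i", data[8 + salt_len:12 + salt_len])
    if iterations <= 0:
        return "not-bks"
    return "legacy" if version in LEGACY_VERSIONS else "current"


def scan(paths):
    """Map each path to its classification, reading only the file header."""
    results = {}
    for path in paths:
        with open(path, "rb") as fh:
            results[path] = classify_bks(fh.read(8 + MAX_SALT + 4))
    return results


def sample_header(version: int) -> bytes:
    """Constructed header: version, 20-byte zero salt, 1500 iterations, padding."""
    return struct.pack(">ii", version, 20) + bytes(20) + struct.pack(">i", 1500) + bytes(8)


if __name__ == "__main__":
    for v in (1, 2):
        print(v, classify_bks(sample_header(v)))
```

Files reported as `legacy` are the ones whose integrity check is the 16-bit one described above and are candidates for re-saving in the current BKS format.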

Weakness Type

Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.


Affected Versions

Legion of the Bouncy Castle Bouncy Castle:

Exploit Probability

EPSS: 0.15%
Percentile: 35.93%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.