OpenJDK: weak protection of key stores against brute forcing (Security, 8181692)

🗓️ 23 Oct 2017 07:44:37Reported by RedHatType

redhat

redhat🔗 access.redhat.com

OpenJDK Security key stores used weak keys, enabling password guesses to decrypt private keys.

Reporter	Title	Published	Views	Family All 277
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments	24 Sep 201809:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for SAP Applications	17 Jun 201812:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Directory Server	11 Jan 201916:25	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects IBM InfoSphere Information Server	16 Jun 201814:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Security Network Protection	16 Jun 201822:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM Algo One - Algo Risk Application (ARA)	15 Jun 201823:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities identified in IBM® Java SDK affect WebSphere Service Registry and Repository and WebSphere Service Registry and Repository Studio.	15 Jun 201807:08	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2017-10356, CVE-2017-10345)	4 Feb 202016:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM License Metric Tool v9 and IBM BigFix Inventory v9	19 Aug 202223:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium	16 Jun 201822:03	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle	1:1.8.0.151-1jpp.1.el6	java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle	1:1.8.0.151-1jpp.1.el6.i686	java-1.8.0-oracle-1:1.8.0.151-1jpp.1.el6.i686.noarch.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.8.0-oracle	1:1.8.0.151-1jpp.5.el7	java-1.8.0-oracle-1:1.8.0.151-1jpp.5.el7.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-devel	1:1.8.0.151-1jpp.1.el6	java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle-devel	1:1.8.0.151-1jpp.1.el6.i686	java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.1.el6.i686.noarch.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.8.0-oracle-devel	1:1.8.0.151-1jpp.5.el7	java-1.8.0-oracle-devel-1:1.8.0.151-1jpp.5.el7.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-javafx	1:1.8.0.151-1jpp.1.el6	java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	java-1.8.0-oracle-javafx	1:1.8.0.151-1jpp.1.el6.i686	java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.1.el6.i686.noarch.rpm
Red Hat Enterprise Linux	7	x86_64	java-1.8.0-oracle-javafx	1:1.8.0.151-1jpp.5.el7	java-1.8.0-oracle-javafx-1:1.8.0.151-1jpp.5.el7.x86_64.rpm
Red Hat Enterprise Linux	6	x86_64	java-1.8.0-oracle-jdbc	1:1.8.0.151-1jpp.1.el6	java-1.8.0-oracle-jdbc-1:1.8.0.151-1jpp.1.el6.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2017-10356
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2017-10356
cve	www.cve.org/CVERecord

29 Jun 2026 22:18Current

7.3High risk

Vulners AI Score7.3

CVSS 22.1

CVSS 3.16.2

EPSS0.00754

SSVC

OpenJDK Security component Weak keys Key stores Private keys Password guesses Decrypt keys