6 matches found
Linux Distros Unpatched Vulnerability : CVE-2016-1000346
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be us...
FreeBSD : Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman (bcdeb6d2-f02d-11ea-838a-0011d823eebd)
Manuel Pegourie-Gonnard reports : An attacker with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world can recover the private keys used in RSA or static finite-field...
Using Ed25519 signing keys for encryption
@Benjojo12 and I are building an encryption tool that will also support SSH keys as recipients, because everyone effectively already publishes their SSH public keys on GitHub. For RSA keys, this is dangerous but straightforward: a PKCS1 v1.5 signing key is the same as an OAEP encryption key...
bouncycastle: Other party DH public keys are not fully validated
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...
Security update for bouncycastle (moderate)
This update for bouncycastle to version 1.59 fixes the following issues: These security issues were fixed: - CVE-2017-13098: BouncyCastle, when configured to use the JCE Java Cryptography Extension for cryptographic functions, provided a weak Bleichenbacher oracle when any TLS cipher suite using...
CVE-2016-1000346
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are...