Veracode Vulnerability DatabaseVERACODE:6009Hash Collision
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N
Bouncy Castle is vulnerable to hash collision attacks. The library keystore files uses a HMAC hash that is only 16 bits long, allowing a malicious user to retrieve the password used for keystore integrity verification checks. This vulnerability only affects users of the BKS-V1 keystore format, which was re-introduced since 1.49. Since it is re-introduced in Bouncy Castle 1.49, users of Bouncy Castle 1.49 and above may be affected if the legacy BKS-V1 is being used. To remediate the vulnerability, ensure that there are no usage of BKS-V1.
References
www.securityfocus.com/bid/103453
access.redhat.com/errata/RHSA-2018:2927
cryptosense.com/blog/bouncycastle-keystore-security/
github.com/bcgit/bc-java/blob/5fdb1face92f596300323c25cba9fe18726645e8/prov/src/main/java/org/bouncycastle/jcajce/provider/keystore/BC.java#L20
insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html
www.bouncycastle.org/releasenotes.html
www.kb.cert.org/vuls/id/306792
www.oracle.com/security-alerts/cpuoct2020.html
Related
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:P/A:N