CVE-2018-5382

CWE-327 — Broken Cryptographic Algorithm CWE-3548 documents7 sources

Severity

4.4MEDIUM

EPSS

0.2%

top 64.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Legion OF THE Bouncy Castle Bouncy Castle Bouncycastle Bc-java Redhat Satellite +1 more

Timeline

PublishedApr 16

Latest updateMay 13

Description

The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. Bouncy Castle release 1.47 changes the BKS format to a format which uses a 160 bit HMAC instead. This applies to any BKS keystore generated prior to BC 1.47. For situations where people need to create the files for legacy reasons a specific keystore type "BKS-V1" was introduced in 1.49. It should be noted that the use of "BKS-V1" is discouraged by the library…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages6 packages

▶Mavenorg.bouncycastle:bcprov-jdk15on< 1.50

▶CVEListV5legion_of_the_bouncy_castle/bouncy_castleall — 1.47

▶Debianbouncycastle< 1.48+dfsg-2+3

▶NVDbouncycastle/bc-java1.49

▶NVDredhat/satellite6.4

🔴Vulnerability Details

GHSA

Improper Validation of Integrity Check Value in Bouncy Castle↗2022-05-13

▶

OSV

Improper Validation of Integrity Check Value in Bouncy Castle↗2022-05-13

▶

OSV

CVE-2018-5382: The default BKS keystore use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore↗2018-04-16

▶

CVEList

Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collisions↗2018-04-16

▶

📋Vendor Advisories

Debian

CVE-2018-5382: bouncycastle - The default BKS keystore use an HMAC that is only 16 bits long, which can allow ...↗2018

▶

Red Hat

bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions↗2012-03-30

▶

💬Community

Bugzilla

CVE-2018-5382 bouncycastle: BKS-V1 keystore files vulnerable to trivial hash collisions↗2018-04-04

▶