Information disclosure in BouncyCastle



Published: 2018-03-22
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2018-5382
CWE-ID CWE-264
Exploitation vector Local
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		The Bouncy Castle Crypto Package For Java
Universal components / Libraries / Libraries used by multiple products

Vendor Legion of the Bouncy Castle Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Brute-force attack

EUVDB-ID: #VU11223

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-5382

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to cobtain potentially sensitive information on the target system.

The weakness exists due to a design error when determining the size of the to be used to protect data inside of a keystore. A local attacker can gain access to a BKSv1 keystore file, bypass security restrictions and conduct brute-force attack.

Mitigation

Update to version 1.47 or later.

Vulnerable software versions

The Bouncy Castle Crypto Package For Java: 1.0 - 1.46

External links

http://www.kb.cert.org/vuls/id/306792


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###