CVE-2017-13098 – BouncyCastle JCE TLS Bleichenbacher/ROBOT
https://notcve.org/view.php?id=CVE-2017-13098
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
References:
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html
http://www.kb.cert.org/vuls/id/144389
http://www.securityfocus.com/bid/102195
https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
https://robotattack.org
https://security.netapp.com/advisory/ntap-20171222-0001
https://www.debian.org/security/2017/dsa-4072
https://www.oracle.com/security-alerts/cpuoct2020.html
Weakness: CWE-203: Observable Discrepancy
CVE-2013-1624 – bouncycastle: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1624
The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle.
References:
http://openwall.com/lists/oss-security/2013/02/05/24
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
https://access.redhat.com/security/cve/CVE-2013-1624
https://bugzilla.redhat.com/show_bug.cgi?id=908428
Weaknesses: CWE-310: Cryptographic Issues; CWE-385: Covert Timing Channel