CGA-5mrq-75x2-g8hj
Timing Attack vulnerability in bctls-fips (Maven)
What is CGA-5mrq-75x2-g8hj About?
This vulnerability in the Bouncy Castle Java TLS API and JSSE Provider before 1.78 allows timing-based leakage during RSA handshakes. Attackers could potentially extract sensitive information, such as private keys, via side-channel attacks. Timing attacks are generally easy to carry out once the specific conditions they depend on are met.
Affected Software
- org.bouncycastle:bctls-fips <1.0.19
- org.bouncycastle:bcprov-jdk18on <1.78
- org.bouncycastle:bcprov-jdk15on <1.78
- org.bouncycastle:bcprov-jdk15to18 <1.78
- org.bouncycastle:bcprov-jdk14 <1.78
- org.bouncycastle:bctls-jdk18on <1.78
- org.bouncycastle:bctls-jdk14 <1.78
- org.bouncycastle:bctls-jdk15to18 <1.78
- BouncyCastle.Cryptography <2.3.1
Technical Details
The Bouncy Castle Java TLS API and JSSE Provider, in versions prior to 1.78, exhibit a timing-based leakage during RSA-based TLS handshakes. This leakage stems from variations in exception processing times during cryptographic operations. An attacker can perform a large number of RSA handshake attempts and precisely measure the time taken for each operation. By analyzing these subtle timing differences, particularly those caused by exception handling paths, an attacker may be able to deduce information about the RSA private key used in the handshake, leading to potential key recovery through a side-channel attack.
What is the Impact of CGA-5mrq-75x2-g8hj?
Successful exploitation may allow attackers to potentially extract sensitive cryptographic keys or other confidential information through side-channel analysis, leading to compromise of confidentiality and impersonation.
What is the Exploitability of CGA-5mrq-75x2-g8hj?
Exploitation of a timing attack is generally complex and requires a high degree of precision in measurement. There are no authentication or privilege prerequisites for performing the timing measurements, as these attacks typically occur at the network level by observing the target server's responses. This is a remote exploitation scenario. Special conditions include a high-resolution timer on the attacker's system and a stable network connection to minimize noise in measurements. The risk factors increase if the server processes a large volume of RSA handshakes with the vulnerable library, providing more data points for an attacker to analyze.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | n/a | n/a |
What are the Available Fixes for CGA-5mrq-75x2-g8hj?
Available Upgrade Options
- org.bouncycastle:bctls-jdk14 <1.78 → Upgrade to 1.78
- org.bouncycastle:bcprov-jdk15on <1.78 → Upgrade to 1.78
- org.bouncycastle:bcprov-jdk15to18 <1.78 → Upgrade to 1.78
- org.bouncycastle:bctls-jdk18on <1.78 → Upgrade to 1.78
- org.bouncycastle:bctls-fips <1.0.19 → Upgrade to 1.0.19
- org.bouncycastle:bctls-jdk15to18 <1.78 → Upgrade to 1.78
- org.bouncycastle:bcprov-jdk18on <1.78 → Upgrade to 1.78
- org.bouncycastle:bcprov-jdk14 <1.78 → Upgrade to 1.78
- BouncyCastle.Cryptography <2.3.1 → Upgrade to 2.3.1
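The affected-software and upgrade lists above amount to a version table; the following is an added example (not code from the advisory or from the Bouncy Castle project) that turns that table into a check a practitioner can run over their own build output. It assumes the `group:artifact:packaging[:classifier]:version:scope` token format printed by `mvn dependency:list` and `mvn dependency:tree`; the sample output embedded below is constructed, not captured from a real build. The `.NET` package from the same advisory is included in the table and can be checked through `is_affected()` directly, since the Maven line parser does not apply to NuGet.

```python
"""Flag Bouncy Castle dependencies that fall in this advisory's affected ranges.

Added example (not code from the advisory or from the Bouncy Castle project).
The affected coordinates and first fixed versions are taken from the advisory;
the input format assumed is the group:artifact:packaging[:classifier]:version:scope
token printed by `mvn dependency:list` / `mvn dependency:tree`, and SAMPLE_OUTPUT
below is constructed, not captured from a real build.
"""
from __future__ import annotations

import re
from typing import Iterable, Optional

# Coordinate -> first version that is NOT affected (from the advisory's fix table).
FIXED_VERSIONS = {
    "org.bouncycastle:bctls-fips": "1.0.19",
    "org.bouncycastle:bcprov-jdk18on": "1.78",
    "org.bouncycastle:bcprov-jdk15on": "1.78",
    "org.bouncycastle:bcprov-jdk15to18": "1.78",
    "org.bouncycastle:bcprov-jdk14": "1.78",
    "org.bouncycastle:bctls-jdk18on": "1.78",
    "org.bouncycastle:bctls-jdk14": "1.78",
    "org.bouncycastle:bctls-jdk15to18": "1.78",
    # NuGet package from the same advisory; checked via is_affected(), not the Maven parser.
    "BouncyCastle.Cryptography": "2.3.1",
}

# Maven scopes that may appear as the last component of a dependency token.
MAVEN_SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}


def version_key(version: str) -> tuple[int, ...]:
    """Map '1.78', '1.0.19', '1.78.1' to comparable integer tuples.

    Parsing stops at the first non-numeric component (e.g. '-SNAPSHOT'), and
    trailing zeros are dropped so that '1.78.0' compares equal to '1.78'.
    """
    parts: list[int] = []
    for piece in re.split(r"[.\-]", version):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(coordinate: str, version: str) -> bool:
    """True if `coordinate` is listed in the advisory and `version` predates its fix."""
    fixed = FIXED_VERSIONS.get(coordinate)
    return fixed is not None and version_key(version) < version_key(fixed)


def parse_dependency_line(line: str) -> Optional[tuple[str, str]]:
    """Extract ('group:artifact', version) from one Maven dependency line, or None.

    Handles both the 5-part form group:artifact:jar:version:scope and the 6-part
    form with a classifier before the version; lines without such a token are skipped.
    """
    for token in line.split():
        parts = token.split(":")
        if len(parts) < 4:
            continue
        version = parts[-2] if parts[-1] in MAVEN_SCOPES else parts[-1]
        return f"{parts[0]}:{parts[1]}", version
    return None


def scan_dependency_list(lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (coordinate, found_version, fixed_version) for every affected line."""
    findings = []
    for line in lines:
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        coordinate, version = parsed
        if is_affected(coordinate, version):
            findings.append((coordinate, version, FIXED_VERSIONS[coordinate]))
    return findings


# Constructed sample of `mvn dependency:list` output (not a real build log).
SAMPLE_OUTPUT = """\
[INFO] --- dependency:3.6.1:list (default-cli) @ demo-app ---
[INFO]
[INFO] The following files have been resolved:
[INFO]    org.bouncycastle:bcprov-jdk18on:jar:1.77:compile
[INFO]    org.bouncycastle:bctls-fips:jar:1.0.18:compile
[INFO]    org.bouncycastle:bcpkix-jdk18on:jar:1.78:compile
[INFO]    org.slf4j:slf4j-api:jar:2.0.9:compile
[INFO]    org.bouncycastle:bctls-jdk18on:jar:1.78:compile
"""

if __name__ == "__main__":
    for coordinate, found, fixed in scan_dependency_list(SAMPLE_OUTPUT.splitlines()):
        print(f"AFFECTED {coordinate} {found} -> upgrade to {fixed}")
```

On real projects, pipe `mvn dependency:list` (or `dependency:tree`, which lists transitive artifacts with the same token format) into `scan_dependency_list`; transitive pulls of an old `bcprov-*` by another library are the usual way the affected range survives a direct upgrade, so check the resolved tree rather than only the declared dependencies.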
Additional Resources
- https://security.netapp.com/advisory/ntap-20240614-0008
- https://www.bouncycastle.org/latest_releases.html
- https://github.com/bcgit/bc-java/commit/d7d5e735abd64bf0f413f54fd9e495fc02400fb0
- https://github.com/bcgit/bc-java/wiki/CVE%E2%80%902024%E2%80%9030171
- https://github.com/bcgit/bc-csharp/commit/c984b8bfd8544dfc55dba91a02cbbbb9c580c217
- https://github.com/bcgit/bc-csharp/wiki/CVE%E2%80%902024%E2%80%9030171
- https://github.com/bcgit/bc-java/commit/e0569dcb1dea9d421d84fc4c5c5688fe101afa2d
- https://osv.dev/vulnerability/GHSA-v435-xc8x-wvr9
What are Similar Vulnerabilities to CGA-5mrq-75x2-g8hj?
Similar Vulnerabilities: CVE-2016-2180, CVE-2016-0703, CVE-2014-3566, CVE-2015-0210, CVE-2013-0169
