CVE-2016-1000343
Weak Key Generation vulnerability in bcprov-jdk14 (Maven)

Weak Key Generation | No known exploit

What is CVE-2016-1000343 About?

Bouncy Castle JCE Provider versions 1.55 and earlier generate weak DSA private keys when the key pair generator is used with default values. The weakness comes from the provider assuming a small, fixed size for the private value. Exploiting this vulnerability requires specific knowledge of cryptography and of the conditions under which the weak key is generated, making it moderately difficult.

Affected Software

  • org.bouncycastle:bcprov-jdk14
    • <1.56
  • org.bouncycastle:bcprov-jdk15
    • <1.56
  • org.bouncycastle:bcprov-jdk15on
    • <1.56

Technical Details

In Bouncy Castle JCE Provider versions 1.55 and earlier, when a DSA key pair is generated using default settings (that is, when the JCA key pair generator is not explicitly initialized with specific DSA parameters), the provider generates a private value sized for a 1024-bit key. This happens even where a larger key size is implicitly expected or possible, or where the default ought to follow current security recommendations. The resulting private key is cryptographically weak: its small, fixed size makes it susceptible to brute-force or other cryptographic attacks that would be infeasible against a properly sized, randomly generated key, which compromises the security of any operation relying on that key.
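One way to keep DSA key generation off the default-parameter path described above, and to audit keys that already exist, using only standard JCA calls. This is an added example, not code from this advisory or from the Bouncy Castle project; the class name `DsaKeyCheck` and the policy floor (2048-bit p, 224-bit q) are assumptions to adjust to your own standard.

```java
import java.security.*;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPrivateKey;

public class DsaKeyCheck {
    // Assumed policy floor for this example; set these to your own standard.
    static final int MIN_P_BITS = 2048;
    static final int MIN_Q_BITS = 224;

    // provider == null uses the highest-priority registered provider;
    // pass "BC" when the Bouncy Castle provider is registered.
    static KeyPairGenerator generator(String provider) throws GeneralSecurityException {
        return provider == null
                ? KeyPairGenerator.getInstance("DSA")
                : KeyPairGenerator.getInstance("DSA", provider);
    }

    // Never rely on provider defaults: state the key size explicitly.
    static KeyPair generateExplicit(String provider) throws GeneralSecurityException {
        KeyPairGenerator kpg = generator(provider);
        kpg.initialize(MIN_P_BITS, new SecureRandom());
        return kpg.generateKeyPair();
    }

    // Audit check for keys already in use: domain parameters must meet the floor.
    static boolean meetsPolicy(PrivateKey key) {
        if (!(key instanceof DSAPrivateKey)) return false;
        DSAParams params = ((DSAPrivateKey) key).getParams();
        return params != null
                && params.getP().bitLength() >= MIN_P_BITS
                && params.getQ().bitLength() >= MIN_Q_BITS;
    }

    // Reports sizes only; the private value itself is never printed.
    static String describe(String label, PrivateKey key) {
        DSAPrivateKey dsa = (DSAPrivateKey) key;
        return String.format("%-24s p=%d bits, q=%d bits, x=%d bits, meetsPolicy=%b",
                label, dsa.getParams().getP().bitLength(), dsa.getParams().getQ().bitLength(),
                dsa.getX().bitLength(), meetsPolicy(key));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String provider = args.length > 0 ? args[0] : null;
        // Uninitialised generator: the default-parameter path the advisory describes.
        KeyPair implicit = generator(provider).generateKeyPair();
        System.out.println(describe("uninitialised generator", implicit.getPrivate()));
        System.out.println(describe("explicit initialize()", generateExplicit(provider).getPrivate()));
    }
}
```

Running it against the provider an application actually uses shows which parameter sizes the uninitialised path produces there; keys that fail `meetsPolicy` are candidates for regeneration after the upgrade.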

What is the Impact of CVE-2016-1000343?

Successful exploitation may allow attackers to compromise the confidentiality and integrity of data encrypted or signed with the weak key, facilitating impersonation or data tampering.

What is the Exploitability of CVE-2016-1000343?

Exploiting this vulnerability involves leveraging the weak private key to forge signatures or decrypt data, a high-complexity task that requires significant cryptographic expertise and computational resources. It is not a direct attack on a running system but a compromise of cryptographic primitives. No authentication or privileges are required to trigger the weak key generation itself, because it is default behavior. It is typically a local problem in applications that incorporate a vulnerable Bouncy Castle version. The main prerequisite is an application that generates DSA keys without explicitly initializing the key pair generator with strong parameters. The risk increases if these weakly generated keys are used for long-term, critical security functions, because a compromise could have a delayed but significant impact.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2016-1000343?

Available Upgrade Options

  • org.bouncycastle:bcprov-jdk15
    • <1.56 → Upgrade to 1.56
  • org.bouncycastle:bcprov-jdk14
    • <1.56 → Upgrade to 1.56
  • org.bouncycastle:bcprov-jdk15on
    • <1.56 → Upgrade to 1.56

Additional Resources

What are Similar Vulnerabilities to CVE-2016-1000343?

Similar Vulnerabilities: CVE-2008-0166, CVE-2012-0657, CVE-2013-6449, CVE-2015-8326, CVE-2016-2177