CVE-2016-1000345
Padding Oracle Attack vulnerability in bcprov-jdk14 (Maven)
What is CVE-2016-1000345 About?
This vulnerability affects the DHIES/ECIES CBC mode in the Bouncy Castle JCE Provider, making it susceptible to a padding oracle attack. In environments where timing differences are observable, an attacker can discern information about decryption failures due to padding errors. This leads to information disclosure and potentially plaintext recovery, with exploitation complexity depending on the ability to monitor timing variations.
Affected Software
- org.bouncycastle:bcprov-jdk14
  - <1.56
- org.bouncycastle:bcprov-jdk15
  - <1.56
- org.bouncycastle:bcprov-jdk15on
  - <1.56
Technical Details
In Bouncy Castle JCE Provider versions 1.55 and earlier, DHIES/ECIES in CBC mode is vulnerable to a padding oracle attack. During decryption, the cipher is applied and its padding checked before the MAC is verified, so a malformed-padding failure and a MAC failure are handled differently; if the timing difference between these error paths can be observed, an attacker can statistically tell whether a decryption attempt failed on padding or on something else. By iteratively submitting slightly modified ciphertexts and measuring the timing of the responses, an attacker can learn whether the padding bytes are correct and so recover the plaintext byte by byte. This allows sensitive information disclosure, since the attacker can deduce the original plaintext of encrypted messages.
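The ordering problem described above, as an added illustration (not Bouncy Castle's code): a decryptor that runs the cipher and unpadder before checking the tag surfaces two distinguishable failures, while one that verifies the MAC over the ciphertext first and collapses every rejection into a single error type never lets unauthenticated data reach the padding check. The block cipher is a constructed keyed-XOR stand-in for AES so the example runs on the Python standard library; the keys, IV and message are constructed values, and all function names are this example's own.

```python
"""Encrypt-then-MAC decryption: leaky ordering vs. MAC-first ordering.

Added illustration, not Bouncy Castle code.  The "block cipher" is a
constructed toy (keyed XOR) standing in for AES; only the CBC/PKCS#7
layer and the order of the MAC check matter here.
"""
import hashlib
import hmac

BLOCK = 16
TAG_LEN = 32


class PaddingError(Exception):
    """Raised by the leaky path when PKCS#7 padding is malformed."""


class MacError(Exception):
    """Raised by the leaky path when the tag does not verify."""


class DecryptionError(Exception):
    """Single failure type the hardened path uses for every rejection."""


def _toy_block(key: bytes, block: bytes) -> bytes:
    # Constructed stand-in for AES: XOR with a key-derived pad.  It is an
    # involution, so it both encrypts and decrypts a block.  Not secure.
    pad = hashlib.sha256(b"toy-block|" + key).digest()[:BLOCK]
    return bytes(a ^ b for a, b in zip(block, pad))


def _pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def _pkcs7_unpad(data: bytes) -> bytes:
    if not data or len(data) % BLOCK:
        raise PaddingError("bad length")
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise PaddingError("bad padding bytes")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    padded = _pkcs7_pad(plaintext)
    out, prev = bytearray(), iv
    for i in range(0, len(padded), BLOCK):
        prev = _toy_block(key, bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev)))
        out += prev
    return bytes(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += bytes(a ^ b for a, b in zip(_toy_block(key, block), prev))
        prev = block
    return _pkcs7_unpad(bytes(out))


def _tag(mac_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, iv + ciphertext, hashlib.sha256).digest()


def ies_encrypt(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    ct = cbc_encrypt(enc_key, iv, plaintext)
    return ct + _tag(mac_key, iv, ct)          # encrypt-then-MAC


def leaky_decrypt(enc_key: bytes, mac_key: bytes, iv: bytes, blob: bytes) -> bytes:
    # Cipher (and unpadder) run before the tag is examined: a padding fault
    # and a MAC fault differ in exception type and in work done before failing.
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    pt = cbc_decrypt(enc_key, iv, ct)          # may raise PaddingError
    if not hmac.compare_digest(_tag(mac_key, iv, ct), tag):
        raise MacError("tag mismatch")
    return pt


def hardened_decrypt(enc_key: bytes, mac_key: bytes, iv: bytes, blob: bytes) -> bytes:
    # Verify the tag first; only authentic ciphertext reaches the unpadder,
    # and every rejection collapses to one error type.
    if len(blob) < TAG_LEN:
        raise DecryptionError("rejected")
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(_tag(mac_key, iv, ct), tag):
        raise DecryptionError("rejected")
    try:
        return cbc_decrypt(enc_key, iv, ct)
    except PaddingError:
        raise DecryptionError("rejected") from None


def outcome(decrypt, enc_key: bytes, mac_key: bytes, iv: bytes, blob: bytes) -> str:
    """Name of the exception the decryptor surfaces, or 'ok'."""
    try:
        decrypt(enc_key, mac_key, iv, blob)
        return "ok"
    except Exception as exc:  # the class name is exactly what an oracle sees
        return type(exc).__name__


def compare_oracles() -> dict:
    # Constructed keys, IV and message; nothing here comes from the advisory.
    enc_key, mac_key, iv = b"k" * 16, b"m" * 16, bytes(range(16))
    blob = ies_encrypt(enc_key, mac_key, iv, b"attack at dawn")  # 14 bytes, 2 pad bytes
    bad_pad = bytearray(blob); bad_pad[-TAG_LEN - 1] ^= 0x01   # corrupt last ciphertext byte
    bad_tag = bytearray(blob); bad_tag[-1] ^= 0x01             # corrupt the tag only
    results = {}
    for name, fn in (("leaky", leaky_decrypt), ("hardened", hardened_decrypt)):
        results[name] = {
            "padding_fault": outcome(fn, enc_key, mac_key, iv, bytes(bad_pad)),
            "mac_fault": outcome(fn, enc_key, mac_key, iv, bytes(bad_tag)),
            "intact": outcome(fn, enc_key, mac_key, iv, blob),
        }
    return results
```

Running `compare_oracles()` shows the leaky path answering `PaddingError` for a corrupted ciphertext byte but `MacError` for a corrupted tag, which is the distinguishing signal a padding oracle needs, whereas the hardened path answers `DecryptionError` in both cases. Checking the tag first matters more than equalising error messages: once only authenticated ciphertext is unpadded, the padding check is never exercised on attacker-chosen input, so neither its exception nor its timing can leak anything. `hmac.compare_digest` keeps the tag comparison itself from becoming a separate timing side channel.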
What is the Impact of CVE-2016-1000345?
Successful exploitation may allow attackers to decrypt encrypted data, recover sensitive information, or compromise data confidentiality.
What is the Exploitability of CVE-2016-1000345?
Exploiting this vulnerability requires the ability to observe timing differences in decryption failures, which ranges from moderate to high complexity depending on the network environment and system architecture. It typically does not require authentication, since the attacker interacts with the encryption/decryption mechanism itself. Remote exploitation is possible if the system exposes an interface that processes attacker-supplied encrypted data and reveals timing differences. The primary prerequisite is a sufficiently low-noise channel or sensitive system in which small timing variations can be reliably measured. The likelihood of exploitation increases in high-performance or constrained environments where timing analysis is more feasible.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2016-1000345?
Available Upgrade Options
- org.bouncycastle:bcprov-jdk15
  - <1.56 → Upgrade to 1.56
- org.bouncycastle:bcprov-jdk15on
  - <1.56 → Upgrade to 1.56
- org.bouncycastle:bcprov-jdk14
  - <1.56 → Upgrade to 1.56
Additional Resources
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://access.redhat.com/errata/RHSA-2018:2927
- https://osv.dev/vulnerability/GHSA-9gp4-qrff-c648
- https://github.com/bcgit/bc-java/commit/21dcb3d9744c83dcf2ff8fcee06dbca7bfa4ef35#diff-4439ce586bf9a13bfec05c0d113b8098
- https://access.redhat.com/errata/RHSA-2018:2669
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000345
- https://lists.debian.org/debian-lts-announce/2018/07/msg00009.html
- https://security.netapp.com/advisory/ntap-20181127-0004/
What are Similar Vulnerabilities to CVE-2016-1000345?
Similar Vulnerabilities: CVE-2002-0925, CVE-2003-0147, CVE-2004-0320, CVE-2005-0487, CVE-2006-0391
