CVE-2020-15522
Timing Issue vulnerability in bc-fips (Maven)
What is CVE-2020-15522 About?
CVE-2020-15522 is a timing side-channel vulnerability in the elliptic-curve (EC) math library shared by Bouncy Castle BC Java, BC C# .NET, and the FIPS distributions BC-FJA and BC-FNA, in the versions listed under Affected Software. An attacker who can observe how long the library takes to generate a series of deterministic ECDSA signatures can learn information about the private key. Exploitation is complex: it requires precise timing measurements across many signature generations, followed by statistical analysis of the collected samples.
Affected Software
- org.bouncycastle:bc-fips <1.0.2.1
- org.bouncycastle:bcprov-ext-jdk15on <1.66
- org.bouncycastle:bcprov-ext-jdk16 <1.66
- org.bouncycastle:bcprov-jdk14 <1.66
- org.bouncycastle:bcprov-jdk15 <1.66
- org.bouncycastle:bcprov-jdk15on <1.66
- org.bouncycastle:bcprov-jdk15to18 <1.66
- org.bouncycastle:bcprov-jdk16 <1.66
- BouncyCastle (NuGet, BC C# .NET) <1.8.7
Technical Details
The flaw is in the EC math library that Bouncy Castle uses for Elliptic Curve Digital Signature Algorithm (ECDSA) signature generation. Producing an ECDSA signature requires a scalar multiplication k·G with a secret per-signature nonce k, and in the affected versions part of that computation was not constant-time: its duration depended on the secret value being processed. With deterministic ECDSA (RFC 6979, which Bouncy Castle implements) the nonce is derived from the private key and the message, so signing the same message again reuses the same nonce and reproduces the same timing. An attacker who can repeatedly trigger signature generation and measure each run (a side-channel attack) can therefore average away measurement noise and recover partial information about individual nonces; combining such partial information from enough signatures lets the attacker statistically infer the private key, compromising its confidentiality.
What is the Impact of CVE-2020-15522?
Successful exploitation may allow an attacker to recover the signer's ECDSA private key. With that key the attacker can forge signatures and impersonate the key holder, which amounts to a complete compromise of the digital identity bound to the key.
What is the Exploitability of CVE-2020-15522?
Exploiting this timing issue is complex and demands meticulous measurement and statistical analysis. The attacker needs a way to make the target generate many deterministic ECDSA signatures under the same private key, ideally over attacker-chosen messages so that the same nonce is exercised repeatedly, plus timing measurements precise enough to resolve the leak. No authentication or privilege is inherently required to observe timing, but the measurement channel decides feasibility: over a network, jitter forces the attacker to collect far more samples, whereas on a shared execution environment (same host, container, or cloud tenant) the resolution is much better. The risk is highest for services that sign caller-supplied input on demand with a long-lived key through a vulnerable library version, for example a token-signing endpoint or a signing API, where the attacker both controls the input and can time the response.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2020-15522?
Available Upgrade Options
- org.bouncycastle:bc-fips <1.0.2.1 → Upgrade to 1.0.2.1
- org.bouncycastle:bcprov-ext-jdk15on <1.66 → Upgrade to 1.66
- org.bouncycastle:bcprov-ext-jdk16 <1.66 → Upgrade to 1.66
- org.bouncycastle:bcprov-jdk14 <1.66 → Upgrade to 1.66
- org.bouncycastle:bcprov-jdk15 <1.66 → Upgrade to 1.66
- org.bouncycastle:bcprov-jdk15on <1.66 → Upgrade to 1.66
- org.bouncycastle:bcprov-jdk15to18 <1.66 → Upgrade to 1.66
- org.bouncycastle:bcprov-jdk16 <1.66 → Upgrade to 1.66
- BouncyCastle (NuGet, BC C# .NET) <1.8.7 → Upgrade to 1.8.7
Two caveats apply. Check the resolved version, not only the declared one: bcprov is frequently a transitive dependency (bcpkix and bcmail depend on it), so pin it with dependencyManagement in Maven or a forced resolution in Gradle and confirm the result with `mvn dependency:tree`. And upgrading stops further leakage but does not undo any that may already have occurred: an ECDSA key that signed attacker-observable requests through a vulnerable version should be treated as suspect and rotated.
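The quickest way to tell whether a build is exposed is to check the resolved Bouncy Castle version. The Python script below is an added example for this page, not a Bouncy Castle or vendor tool: it parses `mvn dependency:list` output against the Maven fixed versions listed above and flags anything older. The listing it scans is constructed sample output; the NuGet `BouncyCastle` package is outside its scope, and a `-SNAPSHOT` or other qualifier is treated as older than the plain release it precedes.

```python
"""Added check for this page (not a Bouncy Castle or vendor tool): flag
Bouncy Castle Maven artifacts in `mvn dependency:list` output that are
older than the fixed versions given on this page."""
import re
import sys

# First fixed version per Maven coordinate, as listed on this page.
FIXED_IN = {
    "org.bouncycastle:bc-fips": "1.0.2.1",
    "org.bouncycastle:bcprov-jdk14": "1.66",
    "org.bouncycastle:bcprov-jdk15": "1.66",
    "org.bouncycastle:bcprov-jdk15on": "1.66",
    "org.bouncycastle:bcprov-jdk15to18": "1.66",
    "org.bouncycastle:bcprov-jdk16": "1.66",
    "org.bouncycastle:bcprov-ext-jdk15on": "1.66",
    "org.bouncycastle:bcprov-ext-jdk16": "1.66",
}


def version_key(version):
    """Comparable key: dotted numeric components as ints, then 0 for a
    plain release or -1 when a qualifier follows (1.66-SNAPSHOT < 1.66).
    Gives 1.0.2 < 1.0.2.1 and 1.66 < 1.70, unlike string comparison."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        return ()
    nums = tuple(int(p) for p in m.group(0).split("."))
    return nums + ((-1,) if version[m.end():] else (0,))


def parse_dependency_line(line):
    """Parse one listing line, group:artifact:type[:classifier]:version:scope,
    ignoring any [INFO] prefix and a trailing ` -- module ...` note.
    Returns (group:artifact, version) or None for non-dependency lines."""
    text = line.strip()
    if text.startswith("[INFO]"):
        text = text[len("[INFO]"):].strip()
    parts = text.split(" -- ")[0].strip().split(":")
    if len(parts) == 5:
        group, artifact, _type, version, _scope = parts
    elif len(parts) == 6:
        group, artifact, _type, _classifier, version, _scope = parts
    else:
        return None
    return f"{group}:{artifact}", version


def findings(lines):
    """(coordinate, found version, fixed version) for each affected artifact."""
    out = []
    for line in lines:
        parsed = parse_dependency_line(line)
        if parsed is None:
            continue
        coord, version = parsed
        fixed = FIXED_IN.get(coord)
        if fixed and version_key(version) < version_key(fixed):
            out.append((coord, version, fixed))
    return out


# Constructed sample of `mvn dependency:list` output, not from a real build.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.bouncycastle:bcprov-jdk15on:jar:1.64:compile
[INFO]    org.bouncycastle:bcpkix-jdk15on:jar:1.64:compile
[INFO]    org.bouncycastle:bc-fips:jar:1.0.2:compile
[INFO]    org.bouncycastle:bcprov-jdk15to18:jar:1.66:compile
[INFO]    com.example:app-core:jar:tests:2.1.0:test
""".splitlines()

if __name__ == "__main__":
    # Pipe real output in (`mvn dependency:list | python3 this.py`) or run
    # with no stdin to scan the constructed sample.
    lines = sys.stdin.read().splitlines() if not sys.stdin.isatty() else SAMPLE
    for coord, version, fixed in findings(lines):
        print(f"{coord}:{version} affected by CVE-2020-15522, upgrade to {fixed}")
```

On the sample it reports bcprov-jdk15on 1.64 and bc-fips 1.0.2; the bcpkix line is not flagged because bcpkix is not in the page's affected list, but it is the usual reason an old bcprov shows up transitively, so bump both together and re-run the listing afterwards to confirm the resolved version.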
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2020-15522
- https://security.netapp.com/advisory/ntap-20210622-0007/
- https://github.com/bcgit/bc-csharp/wiki/CVE-2020-15522
- https://osv.dev/vulnerability/GHSA-6xx3-rg99-gc3p
- https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
- https://www.bouncycastle.org/releasenotes.html
What are Similar Vulnerabilities to CVE-2020-15522?
Similar Vulnerabilities: CVE-2016-7056, CVE-2015-0204, CVE-2015-0205, CVE-2014-0224, CVE-2015-0291. Of these, only CVE-2016-7056 (an ECDSA P-256 timing side channel in OpenSSL) is the same class of flaw; the others are OpenSSL TLS handshake issues.
