CVE-2020-26939
Sensitive Information Disclosure vulnerability in bcprov-jdk14 (Maven)

Sensitive Information Disclosure (no known public exploit)

What is CVE-2020-26939 About?

This vulnerability is a Sensitive Information Disclosure in the Legion of the Bouncy Castle BC and BC-FJA providers. The OAEP decoder reacts differently to some invalid ciphertexts (Observable Differences in Behavior to Error Inputs), and an attacker who can submit ciphertexts for RSA decryption and observe those differences can learn information about the private exponent. Only partial key information leaks per observation, and exploitation depends on reliably telling the error paths apart, which makes it moderately difficult to exploit.

Affected Software

  • org.bouncycastle:bcprov-jdk14
    • <1.61
  • org.bouncycastle:bcprov-jdk15
    • <1.61
  • org.bouncycastle:bcprov-jdk16
    • <1.61
  • org.bouncycastle:bc-fips
    • <1.0.2
  • org.bouncycastle:bcprov-ext-jdk15on
    • <1.61
  • org.bouncycastle:bcprov-ext-jdk16
    • <1.61
  • org.bouncycastle:bcprov-jdk15on
    • <1.61
  • org.bouncycastle:bcprov-jdk15to18
    • <1.61

Technical Details

The flaw is in org.bouncycastle.crypto.encodings.OAEPEncoding. The CVE description names Legion of the Bouncy Castle BC before 1.55 and BC-FJA before 1.0.2; the Maven ranges listed above treat BC releases before 1.61 as affected. When an invalid ciphertext decrypts to a short payload, the OAEP decoder throws an exception early, before it has performed the unmasking and padding checks that a full-length payload goes through. Whether that early exception fires depends on the length of the RSA-decrypted value, so the error behaviour is a side channel: an attacker who submits chosen ciphertexts and observes which error path is taken learns information about the private exponent of the RSA private key used for decryption.
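As an added illustration of the decoder behaviour described above (this is not Bouncy Castle's code), the following Python models an OAEP decoder with the early "too short" exception next to a decoder that records the failure in a flag, does the full unmasking on a dummy block anyway and raises a single generic error. The RSA step is omitted: both decoders receive the byte string an RSA engine would return for c^d mod n with leading zero bytes stripped, which is the modelling assumption that turns a small decrypted value into a short payload. SHA-1 as the hash, a 128-byte modulus, the `observe`/`demo` helpers and the sample payloads are all constructed for the example.

```python
"""Model of the OAEP decoder side channel: early 'too short' exception versus
uniform failure. Added example, not Bouncy Castle code. Hash calls are counted
so the amount of work behind each error path can be compared."""
import hashlib
import os

H_LEN = 20   # SHA-1 output length; hash choice is an assumption of the model
K = 128      # modulus size in bytes (1024-bit RSA) assumed for the block


def _hash(data, counter):
    counter["calls"] += 1                 # instrumentation for the demo only
    return hashlib.sha1(data).digest()


def mgf1(seed, length, counter):
    """MGF1 (RFC 8017, B.2.1) built on the instrumented hash."""
    out = b""
    for i in range((length + H_LEN - 1) // H_LEN):
        out += _hash(seed + i.to_bytes(4, "big"), counter)
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(msg, counter, seed=None):
    """EME-OAEP encoding with an empty label; returns the K-byte block."""
    seed = seed or os.urandom(H_LEN)
    db = _hash(b"", counter) + b"\x00" * (K - len(msg) - 2 * H_LEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, K - H_LEN - 1, counter))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN, counter))
    return b"\x00" + masked_seed + masked_db


def _unmask(block, counter):
    """Recover DB from a block that is already exactly K bytes long."""
    masked_seed, masked_db = block[1:1 + H_LEN], block[1 + H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN, counter))
    return xor(masked_db, mgf1(seed, K - H_LEN - 1, counter))


def decode_vulnerable(data, counter):
    """Pattern the advisory describes: a short payload is rejected before any
    unmasking, so the error carries a different message and far less work."""
    if len(data) < 2 * H_LEN + 1:
        raise ValueError("data too short")            # early exit: the oracle
    db = _unmask(b"\x00" * (K - len(data)) + data, counter)  # restore leading zeros
    if db[:H_LEN] != _hash(b"", counter):
        raise ValueError("data hash wrong")
    i = db.find(b"\x01", H_LEN)
    if i < 0 or any(db[H_LEN:i]):
        raise ValueError("data start wrong")
    return db[i + 1:]


def decode_hardened(data, counter):
    """Fix pattern: flag the length problem, unmask a dummy block anyway, scan
    the padding without an early exit, and raise one generic error."""
    wrong = len(data) < 2 * H_LEN + 1 or len(data) > K
    block = b"\x00" * K if wrong else b"\x00" * (K - len(data)) + data
    db = _unmask(block, counter)
    wrong |= db[:H_LEN] != _hash(b"", counter)
    i = None
    for j in range(H_LEN, len(db)):                   # full scan, no break
        if i is None and db[j] == 1:
            i = j
        elif i is None and db[j] != 0:
            wrong = True
    if wrong or i is None:
        raise ValueError("data wrong")
    return db[i + 1:]


def observe(decoder, data):
    """What a remote caller can see: the error text and how much work ran."""
    counter = {"calls": 0}
    try:
        decoder(data, counter)
        return ("ok", counter["calls"])
    except ValueError as exc:
        return (str(exc), counter["calls"])


def demo():
    """Run a valid block, a constructed short payload and a constructed
    full-length garbage payload through both decoders."""
    valid = oaep_encode(b"secret", {"calls": 0}, seed=b"\x5a" * H_LEN)
    inputs = [
        valid.lstrip(b"\x00"),       # the engine strips leading zero bytes
        b"\x2a\x17\x00\x01\xfe",     # constructed: decrypted to a tiny integer
        bytes(range(1, K)),          # constructed: full length, wrong content
    ]
    return {
        "vulnerable": [observe(decode_vulnerable, x) for x in inputs],
        "hardened": [observe(decode_hardened, x) for x in inputs],
    }


if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

The vulnerable decoder answers the short payload with a distinct message and zero hash calls, while the hardened decoder gives every bad input the same error after the same amount of work. The `db[:H_LEN] != ...` comparison is still not constant-time; the example shows uniform control flow and error reporting, which is the point the advisory makes, not a complete constant-time implementation.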

What is the Impact of CVE-2020-26939?

Successful exploitation leaks information about the RSA private exponent. With enough observations an attacker could recover private key material, decrypt communications or data protected by that key, and bypass controls that depend on it.

What is the Exploitability of CVE-2020-26939?

Exploitation is likely to be complex. The attacker must be able to submit specially crafted invalid ciphertexts to a system that uses the affected Bouncy Castle library for RSA decryption, and must be able to tell the early-exception path from the normal failure path, for example through a different error message or response timing. No authentication or privilege requirement is stated, so the attack can be remote when the vulnerable decryption operation is exposed externally. Success depends on how consistent and distinguishable the observable difference is, and many queries will typically be needed to collect enough information to reconstruct key material.

What are the Known Public Exploits?

No known public exploits or proof-of-concept code are recorded for this CVE.

What are the Available Fixes for CVE-2020-26939?

Available Upgrade Options

  • org.bouncycastle:bcprov-jdk15on
    • <1.61 → Upgrade to 1.61
  • org.bouncycastle:bcprov-jdk15
    • <1.61 → Upgrade to 1.61
  • org.bouncycastle:bcprov-jdk14
    • <1.61 → Upgrade to 1.61
  • org.bouncycastle:bcprov-ext-jdk16
    • <1.61 → Upgrade to 1.61
  • org.bouncycastle:bcprov-ext-jdk15on
    • <1.61 → Upgrade to 1.61
  • org.bouncycastle:bc-fips
    • <1.0.2 → Upgrade to 1.0.2
  • org.bouncycastle:bcprov-jdk15to18
    • <1.61 → Upgrade to 1.61
  • org.bouncycastle:bcprov-jdk16
    • <1.61 → Upgrade to 1.61


Additional Resources

What are Similar Vulnerabilities to CVE-2020-26939?

Similar Vulnerabilities: CVE-2016-0777, CVE-2016-0778, CVE-2017-15227, CVE-2016-7055, CVE-2018-0737