Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

For our last Nexus Intelligence Insight of 2019, we’ll cover a component vulnerability that was discovered by a not-so-happy accident and that appears far more dangerous than the researcher had first hypothesized.

The back story starts with Carnegie Mellon University SEI researcher Will Dormann, who was researching brute-force password recovery against keystore files and found that the Bouncy Castle BKS version 1 (BKS-V1) file format is vulnerable to brute force: the file itself carries the salt, iteration count and MAC needed to test a guess offline, the format is kept largely unprotected by default, and the MAC that is supposed to protect it is far weaker than the password behind it. The empirical results of his experiment were both expected and unexpected, and will hopefully help developers and security professionals alike stay ahead of the threat this component potentially poses. We’ll dig into the attack mechanics, the unintended find, and what developers can do to remediate.

Name of Vulnerability/Sonatype ID: CVE-2018-5382
Type of Vulnerability: Information Exposure
Severity: 9.8
CVSS 3.0 Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Components Affected (Maven coordinates with version ranges; an empty lower bound means every release before the upper bound, and an empty upper bound means no fixed release exists for that artifact):
org.bouncycastle : bcprov-jdk14 : ( , 1.47)
org.bouncycastle : bcprov-jdk15on : ( , 1.47)
org.bouncycastle : bcprov-jdk16 : ( , )

Vulnerability Description:

The `bouncycastle` package is vulnerable to Information Exposure because the integrity check on its keystore files is far too weak. The `engineLoad()` function in the `JDKKeyStore.class` file accepts BKS version 1 stores, whose contents are protected by an HMAC with only 16 bits of strength (65,536 possible values), which is not safe. This flaw allows an attacker to brute-force the MAC without knowing the keystore password and, from it, derive sensitive values: the attacker can tamper with the store’s contents (for example its trusted certificates) and re-MAC them so the file still verifies, or test password guesses offline. Bouncy Castle 1.47 introduced BKS version 2, which uses a 160-bit MAC, so stores must be migrated to the new format as well as the library upgraded.

Attack Mechanics:
Brute-force attacks work by an attacker trying candidate values one after another until one is accepted. A timing side channel can speed this up: if the comparison that validates a guess returns faster for an incorrect answer than for a correct one (or stops at the first mismatching byte), the attacker can observe the response time over many attempts and deduce the secret, or enough of it to make the remaining search trivial. In this case, though, no side channel is even needed: with only 16 bits of MAC strength there are at most 65,536 candidates, and a modern machine exhausts that space in well under a second, offline, using nothing but the salt, iteration count and MAC stored in the file.

In this particular case, the inadequate encryption length uses a (Read more...)
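The brute force in concrete form, as an added example that is not Bouncy Castle’s code and not from the original post: a toy container modelled on the BKS layout (a salt, plaintext entries, and an HMAC-SHA1 tag), where the MAC key is derived from the password but truncated to 2 bytes for version 1 and 20 bytes for version 2. PBKDF2-HMAC-SHA1 standing in for the real PKCS#12 derivation, the iteration count, the salt, the password and the entry bodies are all assumptions or constructed values. The attacker side recovers the 16-bit key by exhaustive search with no password at all, re-MACs a tampered body so it still verifies under the owner’s real password, and then runs the same search against the 160-bit key, where it fails.

```python
"""Toy model of the BKS-V1 weakness: a MAC key of only 16 bits.

Added illustration, not Bouncy Castle's code. The container layout and the
key derivation are simplified; only the key truncation is the point.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

MAC_KEY_BYTES_V1 = 2    # 16-bit MAC key: the BKS-V1 weakness in CVE-2018-5382
MAC_KEY_BYTES_V2 = 20   # 160-bit MAC key, as BKS-V2 (Bouncy Castle 1.47+) uses
PBE_ITERATIONS = 1024   # assumption: illustrative iteration count only


@dataclass
class ToyStore:
    """Minimal container: salt, plaintext entries, HMAC tag, key size used."""
    salt: bytes
    body: bytes
    tag: bytes
    key_bytes: int


def derive_mac_key(password: str, salt: bytes, key_bytes: int) -> bytes:
    # PBKDF2-HMAC-SHA1 stands in for the real PKCS#12 derivation (assumption);
    # what matters is that the derived key is truncated to key_bytes.
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               PBE_ITERATIONS, dklen=key_bytes)


def compute_tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha1).digest()


def seal(body: bytes, password: str, salt: bytes, key_bytes: int) -> ToyStore:
    """Owner side: derive the MAC key from the password and tag the entries."""
    key = derive_mac_key(password, salt, key_bytes)
    return ToyStore(salt, body, compute_tag(key, body), key_bytes)


def verify(store: ToyStore, password: str) -> bool:
    """Owner side: what engineLoad()-style code does before trusting a store."""
    key = derive_mac_key(password, store.salt, store.key_bytes)
    return hmac.compare_digest(compute_tag(key, store.body), store.tag)


def recover_16bit_mac_key(store: ToyStore) -> Optional[bytes]:
    """Attacker side, no password needed: try every 2-byte key (65,536) and
    return the one whose HMAC over the stored body reproduces the stored tag.
    Against a 20-byte key the same search finds nothing and returns None."""
    for candidate in range(1 << 16):
        key = candidate.to_bytes(2, "big")
        if compute_tag(key, store.body) == store.tag:
            return key
    return None


def forge(store: ToyStore, new_body: bytes) -> Optional[ToyStore]:
    """Replace the entries and re-MAC them with the recovered key, so the
    tampered store still verifies under the owner's real password."""
    key = recover_16bit_mac_key(store)
    if key is None:
        return None
    return ToyStore(store.salt, new_body, compute_tag(key, new_body), store.key_bytes)


# Constructed sample data; not taken from any real keystore.
SALT = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
PASSWORD = "correct horse battery staple"
ORIGINAL_BODY = b"trusted-cert:alias=corp-root;subject=CN=Corp Root CA\n"
TAMPERED_BODY = ORIGINAL_BODY + b"trusted-cert:alias=evil;subject=CN=Attacker CA\n"


def demo() -> dict:
    """Run the attack against a v1-style and a v2-style store; return outcomes."""
    v1 = seal(ORIGINAL_BODY, PASSWORD, SALT, MAC_KEY_BYTES_V1)
    v2 = seal(ORIGINAL_BODY, PASSWORD, SALT, MAC_KEY_BYTES_V2)
    forged_v1 = forge(v1, TAMPERED_BODY)
    real_v1_key = derive_mac_key(PASSWORD, SALT, MAC_KEY_BYTES_V1)
    return {
        "v1_legit_verifies": verify(v1, PASSWORD),
        "v1_key_recovered": recover_16bit_mac_key(v1) == real_v1_key,
        "v1_forgery_verifies": forged_v1 is not None and verify(forged_v1, PASSWORD),
        "v1_forgery_tampered": forged_v1 is not None and forged_v1.body == TAMPERED_BODY,
        "v2_key_recovered": recover_16bit_mac_key(v2) is not None,
        "v2_forgery_possible": forge(v2, TAMPERED_BODY) is not None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The same 16-bit space is also why password cracking against a store like this gives unreliable answers: in this model any wrong password has roughly a 1-in-65,536 chance of deriving the same 2-byte key and passing the check, so a candidate that verifies the MAC still has to be confirmed against an encrypted key entry. Note that `verify()` uses `hmac.compare_digest` so that the comparison itself leaks no timing information; that closes the side channel but does nothing about the keyspace, which is the real problem here.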

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Elisa Velarde. Read the original post at: