PT-2008-5617 · Oracle+1 · Java+1
Published
2008-10-01
·
Updated
2017-08-08
·
CVE-2008-4368
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Java versions 1.5 on Apple Mac OS X versions 10.5.4 through 10.5.5
Description:
The default configuration of Java contains a jurisdiction policy that limits Java Cryptography Extension (JCE) key sizes to 128 bits. This limitation makes it easier for attackers to decrypt ciphertext produced by JCE.
Recommendations:
For Java 1.5 on Apple Mac OS X versions 10.5.4 through 10.5.5, consider updating the jurisdiction policy to allow for larger JCE key sizes to strengthen encryption.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Java
Macos X