PT-2018-16936 · Legion Of The Bouncy Castle · Bouncy Castle
Published: 2018-04-16 · Updated: 2025-05-12 · CVE-2018-5382
CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bouncy Castle versions prior to 1.47
Description
The default BKS keystore uses an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS keystore. This issue applies to any BKS keystore generated prior to Bouncy Castle release 1.47. A new keystore type "BKS-V1" was introduced in version 1.49 for legacy reasons, but its use is discouraged by the library authors due to security concerns.
Recommendations
For versions prior to 1.47, update to version 1.47 or later to use the new BKS format with a 160-bit HMAC.
As a temporary workaround, consider avoiding the use of BKS keystores generated prior to version 1.47, especially in situations where the integrity of the keystore is crucial.
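To apply the workaround, legacy-format keystores first have to be found; the Python script below does that by inspecting the file header, with no password needed. It is an added example, not code from this advisory or from Bouncy Castle. Assumptions: a BKS file starts with a big-endian version, salt length, salt and iteration count, versions 0 and 1 mark the legacy format and 2 the current one, and a match on these first bytes is a heuristic, not proof of the file type.

```python
import struct
import sys

# Assumed header layout (big-endian), not stated in the advisory:
#   int32 version | int32 salt length | salt | int32 iteration count | entries | MAC
CURRENT_VERSION = 2        # assumed: written by the post-1.47 "BKS" type
LEGACY_VERSIONS = (0, 1)   # assumed: pre-1.47 stores and the "BKS-V1" type
MAX_SALT_LEN = 1024        # sanity bound chosen for this example


def classify_bks(data: bytes) -> dict:
    """Classify a keystore blob from its header; no password is needed."""
    if len(data) < 8:
        return {"status": "not-bks", "reason": "too short"}
    version, salt_len = struct.unpack(">ii", data[:8])
    if version not in LEGACY_VERSIONS + (CURRENT_VERSION,):
        return {"status": "not-bks", "reason": f"unexpected version {version}"}
    if not 0 < salt_len <= MAX_SALT_LEN or len(data) < 12 + salt_len:
        return {"status": "not-bks", "reason": "implausible salt length"}
    (iterations,) = struct.unpack(">i", data[8 + salt_len:12 + salt_len])
    if iterations <= 0:
        return {"status": "not-bks", "reason": "implausible iteration count"}
    status = "legacy-weak-mac" if version in LEGACY_VERSIONS else "current"
    return {"status": status, "version": version,
            "salt_len": salt_len, "iterations": iterations}


def constructed_header(version: int) -> bytes:
    """Constructed sample: header fields plus a zero-filled body, not a real keystore."""
    return struct.pack(">ii", version, 20) + bytes(20) + struct.pack(">i", 1500) + bytes(21)


def audit(paths) -> list:
    """Return (path, result) for every file that looks like a legacy store."""
    flagged = []
    for path in paths:
        with open(path, "rb") as fh:
            result = classify_bks(fh.read(12 + MAX_SALT_LEN))
        if result["status"] == "legacy-weak-mac":
            flagged.append((path, result))
    return flagged


if __name__ == "__main__":
    for path, result in audit(sys.argv[1:]):
        print(f"{path}: BKS version {result['version']}, re-create with 1.47 or later")
    print(classify_bks(constructed_header(1)))
```

Run it with keystore paths as arguments; files it flags are candidates for re-creation in the current BKS format after upgrading.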
Fix
Use of a Broken Cryptographic Algorithm
Affected Products
Bouncy Castle