CVE-2016-1000343

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Bouncy Castle JCE Provider versions 1.55 and earlier

Description The issue concerns the generation of weak private keys by the DSA key pair generator when used with default values. If the JCA key pair generator is not explicitly initialized with DSA parameters, it generates a private value assuming a 1024-bit key size. This can be mitigated by explicitly passing parameters to the key pair generator.

Recommendations For Bouncy Castle JCE Provider versions 1.55 and earlier, explicitly initialize the JCA key pair generator with DSA parameters to avoid generating weak private keys.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310

Related Identifiers

CVE-2016-1000343

DLA-1418-1

GHSA-RRVX-PWF8-P59P

MGASA-2018-0376

OPENSUSE-SU-2018_1689-1

OPENSUSE-SU-2024:10661-1

RHSA-2018:2927

USN-3727-1

Affected Products

Bouncy Castle Jce Provider

Jira

Suse

Ubuntu

CVE-2016-1000343

Weakness Enumeration

Related Identifiers

Affected Products

References · 54