PT-2019-5681 · RSA · RSA BSAFE Crypto-J

Published 2019-09-18 · Updated 2022-06-07 · CVE-2019-3740

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

RSA BSAFE Crypto-J versions prior to 6.2.5

Description

The issue is related to errors in the use of cryptography, specifically during DSA key generation, which can lead to information exposure through timing discrepancy. A malicious remote attacker could potentially exploit this to recover DSA keys. The vulnerability can be exploited by a remote attacker using specially crafted HTTPS requests, potentially allowing unauthorized access to information.

Recommendations

For RSA BSAFE Crypto-J versions prior to 6.2.5, update to version 6.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the DSA key generation functionality until a patch is available. Avoid using the affected cryptography component for sensitive operations until the issue is resolved.

Fix

Information Disclosure

Side Channel Attack

Weakness Enumeration

Related Identifiers

BDU:2020-04988
CVE-2019-3740

Affected Products

RSA BSAFE Crypto-J