TLS Padding Oracle

Affecting com.madgag.spongycastle:bctls-jdk15on artifact, versions [,1.58]

high severity

Overview

org.bouncycastle:bctls-jdk15on

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as ROBOT.

Remediation

A fix was merged to the master branch but not yet published to Maven Central.
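Because the oracle is only reachable when a static RSA key-exchange cipher suite (the TLS_RSA_* family) is negotiated, an application waiting for the published fix can refuse those suites at the TLS configuration layer. The Java below is an added example, not code from Snyk or from the BouncyCastle/Spongy Castle projects; it assumes the application configures TLS through the standard JSSE SSLEngine/SSLParameters API, and the class and method names (RsaKexFilter, usesRsaKeyExchange, withoutRsaKeyExchange, harden) are hypothetical.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

/** Hypothetical helper: strips static RSA key-exchange suites from a JSSE engine. */
public final class RsaKexFilter {

    /**
     * True when the suite name denotes RSA key exchange (the client encrypts the
     * premaster secret with the server's RSA key). Only these suites expose the
     * Bleichenbacher oracle; ECDHE_RSA / DHE_RSA suites use RSA for signing only.
     */
    static boolean usesRsaKeyExchange(String suite) {
        return suite.startsWith("TLS_RSA_") || suite.startsWith("SSL_RSA_");
    }

    /** Returns a copy of the input with every RSA key-exchange suite removed. */
    static String[] withoutRsaKeyExchange(String[] suites) {
        List<String> kept = new ArrayList<>();
        for (String s : suites) {
            if (!usesRsaKeyExchange(s)) {
                kept.add(s);
            }
        }
        return kept.toArray(new String[0]);
    }

    /** Re-applies the engine's enabled suites minus the RSA key-exchange ones. */
    static void harden(SSLEngine engine) {
        SSLParameters params = engine.getSSLParameters();
        params.setCipherSuites(withoutRsaKeyExchange(params.getCipherSuites()));
        engine.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        String[] before = engine.getEnabledCipherSuites();
        harden(engine);
        String[] after = engine.getEnabledCipherSuites();

        // Report what was dropped so the change can be reviewed.
        List<String> afterList = Arrays.asList(after);
        for (String s : before) {
            if (!afterList.contains(s)) {
                System.out.println("disabled: " + s);
            }
        }

        // Sanity check: no RSA key-exchange suite may survive the filter.
        for (String s : after) {
            if (usesRsaKeyExchange(s)) {
                throw new IllegalStateException("RSA key-exchange suite still enabled: " + s);
            }
        }
        System.out.println(after.length + " suites remain enabled");
    }
}
```

The same filter can be applied to an SSLSocket or SSLServerSocket via setEnabledCipherSuites. Removing the static-RSA suites takes away the trigger for the oracle but does not change the library's JCE-backed RSA decryption path itself, so the dependency should still be upgraded once a fixed release reaches Maven Central.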

References


Credit
Hanno Böck, Juraj Somorovsky, Craig Young
CVE
CVE-2017-13098
CWE
CWE-327
Snyk ID
SNYK-JAVA-COMMADGAGSPONGYCASTLE-32032
Disclosed
08 Dec, 2017
Published
03 Jan, 2018