Observable Discrepancy in BouncyCastle
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Dec 13, 2017
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Jul 1, 2022
Last updated
Jan 27, 2023
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
References