Описание
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process (a.k.a. Marvin Attack). An attacker can recover cipher-texts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher exceptions and the OAEP interface vector leaks via the bit size of the decrypted data.
Отчет
Within regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-208: Observable Timing Discrepancy vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low. The platform enforces hardening guidelines to apply the most restrictive settings necessary for operations. Baseline configurations and system controls ensure secure software states, while least functionality reduces the attack surface by maintaining consistent settings and minimizing timing variations that could expose discrepancies. Domain accounts are configured with lockout policies to reduce the effectiveness of brute-force attacks and prevent attackers from inferring valid credentials through response timing. Event logs are centrally collected and analyzed to detect anomalous timing-based behaviors that may indicate timing attacks. Static code analysis and peer reviews enforce strong input validation and error handling, limiting the introduction of time-based exploits. Additionally, controls such as process isolation and encryption of data at rest contain the impact of successful exploitation by isolating compromised processes and preventing unauthorized data access.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Cryostat 2 | org.bouncycastle-bcprov-jdk18on | Affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | org.bouncycastle-bcprov-jdk18on | Out of support scope | ||
| Red Hat Build of Keycloak | org.bouncycastle-bcprov-jdk18on | Affected | ||
| Red Hat build of Quarkus | org.bouncycastle/bcprov-jdk18on | Not affected | ||
| Red Hat Data Grid 8 | org.bouncycastle-bcprov-jdk18on | Not affected | ||
| Red Hat Fuse 7 | org.bouncycastle-bcprov-jdk18on | Affected | ||
| Red Hat JBoss Enterprise Application Platform Expansion Pack | org.bouncycastle-bcprov-jdk18on | Not affected | ||
| streams for Apache Kafka | org.bouncycastle-bcprov-jdk18on | Not affected | ||
| Cryostat 3 on RHEL 8 | cryostat-tech-preview/cryostat-db-rhel8 | Fixed | RHSA-2024:4173 | 08.07.2024 |
| Cryostat 3 on RHEL 8 | cryostat-tech-preview/cryostat-grafana-dashboard-rhel8 | Fixed | RHSA-2024:4173 | 08.07.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provide ...
EPSS
5.9 Medium
CVSS3