CVE-2016-1000345

In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2018-06-04 14:29

Updated : 2020-10-20 15:15


NVD link : CVE-2016-1000345

Mitre link : CVE-2016-1000345


JSON object : View

CWE
CWE-361

7PK - Time and State

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

bouncycastle

  • legion-of-the-bouncy-castle-java-crytography-api