2018-04-16 16:29:01 2019-10-03 02:03:26

Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that is only 16 bits long, which can allow an attacker to compromise the integrity of a BKS-V1 keystore. All BKS-V1 keystores are vulnerable. Bouncy Castle release 1.47 introduces BKS version 2, which uses a 160-bit MAC.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL
Legion of the Bouncy Castle Java Cryptography API 1.46 Legion of the Bouncy Castle Java Cryptography API 1.45 Legion of the Bouncy Castle Java Cryptography API 1.44 Legion of the Bouncy Castle Java Cryptography API 1.43 Legion of the Bouncy Castle Java Cryptography API 1.42 Legion of the Bouncy Castle Java Cryptography API 1.41 Legion of the Bouncy Castle Java Cryptography API 1.40 Legion of the Bouncy Castle Java Cryptography API 1.39 Legion of the Bouncy Castle Java Cryptography API 1.38 Legion of the Bouncy Castle Java Cryptograph API 1.37 Legion of the Bouncy Castle Java Cryptography API 1.36 Legion of the Bouncy Castle Java Cryptography API 1.35 Legion of the Bouncy Castle Java Cryptography API 1.34 Legion of the Bouncy Castle Java Cryptography API 1.33 Legion of the Bouncy Castle Java Cryptography API 1.32 Legion of the Bouncy Castle Java Cryptography API 1.31 Legion of the Bouncy Castle Java Cryptography API 1.30 Legion of the Bouncy Castle Java Cryptography API 1.29 Legion of the Bouncy Castle Java Cryptography API 1.28 Legion of the Bouncy Castle Java Cryptography API 1.27 Legion of the Bouncy Castle Java Cryptography API 1.26 Legion of the Bouncy Castle Java Cryptography API 1.25 Legion of the Bouncy Castle Java Cryptography API 1.24 Legion of the Bouncy Castle Java Cryptography API 1.23 Legion of the Bouncy Castle Java Cryptography API 1.22 Legion of the Bouncy Castle Java Cryptography API 1.21 Legion of the Bouncy Castle Java Cryptography API 1.20 Legion of the Bouncy Castle Java Cryptography API 1.19 Legion of the Bouncy Castle Java Cryptography API 1.18 Legion of the Bouncy Castle Java Cryptography API 1.17 Legion of the Bouncy Castle Java Cryptography API 1.16 Legion of the Bouncy Castle Java Cryptography API 1.15 Legion of the Bouncy Castle Java Cryptography API 1.14 Legion of the Bouncy Castle Java Cryptography API 1.13 Legion of the Bouncy Castle Java Cryptography API 1.12 Legion of the Bouncy Castle Java Cryptography API 1.11 Legion of the Bouncy Castle Java Cryptography API 1.10 Legion of the Bouncy Castle Java Cryptography API 1.09 Legion of the Bouncy Castle Java Cryptography API 1.08 Legion of the Bouncy Castle Java Cryptography API 1.07 Legion of the Bouncy Castle Java Cryptography API 1.06 Legion of the Bouncy Castle Java Cryptography API 1.05 Legion of the Bouncy Castle Java Cryptography API 1.04 Legion of the Bouncy Castle Java Cryptography API 1.03 Legion of the Bouncy Castle Java Cryptography API 1.02 Legion of the Bouncy Castle Java Cryptography API 1.01