New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
HIGH 7.5 Maven

In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values

GHSA-rrvx-pwf8-p59p · CVE-2016-1000343

Published · Modified

Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

Ready to move

Start Securing

Free, no credit card | First findings in minutes