1. Home
  2. Vulnerabilities
  3. CVE-2016-1000343

CVE-2016-1000343

CVSS v3.0 7.5 (High)
75% Progress
CVSS v2.0 5 (Medium)
50% Progress
EPSS 0.38 % (74th)
0.38% Progress
Affected Products 2
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

Weaknesses
CWE-310
Cryptographic Issues
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2018-06-04 13:29:00
(6 years ago)
Updated Date
2023-11-07 02:29:27
(10 months ago)

Affected Products

Bouncycastle

Debian

Configuration #1

    CPE23 From Up To
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.55 and prior versions cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api <= 1.55

Configuration #2

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0