RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality of data if they are not addressed.
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Link | Tags |
---|---|
https://www.oracle.com/security-alerts/cpujul2020.html | third party advisory patch |
https://www.dell.com/support/security/en-us/details/DOC-106556/DSA-2019-094-RSA-BSAFE®%3B-Crypto-J-Multiple-Security-Vulnerabilities | |
https://www.oracle.com/security-alerts/cpuoct2020.html | third party advisory patch |
https://www.oracle.com/security-alerts/cpuApr2021.html | third party advisory patch |
https://www.oracle.com//security-alerts/cpujul2021.html | third party advisory patch |
https://www.oracle.com/security-alerts/cpuoct2021.html | third party advisory patch |
https://www.oracle.com/security-alerts/cpuapr2022.html | third party advisory patch |