In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-06-04T13:00:00

Updated: 2024-08-06T03:55:27.370Z

Reserved: 2018-06-04T00:00:00

Link: CVE-2016-1000341

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-04T13:29:00.340

Modified: 2024-11-21T02:43:02.957

Link: CVE-2016-1000341

cve-icon Redhat

Severity : Moderate

Publid Date: 2018-06-07T00:00:00Z

Links: CVE-2016-1000341 - Bugzilla