It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain points correctly. An attacker able to interact with a Java application using EC cryptography could possibly use this flaw to obtain information about the used key.
It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain points correctly. An attacker able to interact with a Java application using EC cryptography could possibly use this flaw to obtain information about the used key.
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d99101781d7e