In the Bouncy Castle JCE Provider version 1.55 and previous versions the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and previous versions generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bouncycastle legion-of-the-bouncy-castle-java-crytography-api |
||
debian debian linux 8.0 |