Encryption Library Bouncycastle Security Update (MINDBREEZE16259)
ID: MINDBREEZE16259
Affected Components: Mindbreeze InSpire G6, Mindbreeze InSpire G7, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: February 2, 2021
CVEs: CVE-2016-1000338, CVE-2016-1000341, CVE-2020-26939, CVE-2016-1000342
Summary
The Bouncy Castle Update contains fixes for the following CVEs:
- The DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. (CVE-2016-1000338)
- DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well. (CVE-2016-1000341)
- ECDSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. (CVE-2016-1000342)
- Attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. This occurs in org.bouncycastle.crypto.encodings.OAEPEncoding. Sending invalid ciphertext that decrypts to a short payload in the OAEP Decoder could result in the throwing of an early exception, potentially leaking some information about the private exponent of the RSA private key performing the encryption. (CVE-2020-26939)
Remediation
Hotfix Information
Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 20.5 Release (Version 20.5.1.835)
- Mindbreeze InSpire SaaS 20.5 Release (Version 20.5.1.835)