Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
High severity
GitHub Reviewed
Published
Oct 16, 2018
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Jun 5, 2018
Published to the GitHub Advisory Database
Oct 16, 2018
Reviewed
Jun 16, 2020
Last updated
Feb 1, 2023
Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.
References