Inadequate M-R Tests in RSA Key Pair Generation in Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and Earlier

Inadequate M-R Tests in RSA Key Pair Generation in Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and Earlier

CVE-2018-1000180 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Learn more about our Api Penetration Testing.