Bouncy Castle BKS-V1 CVE-2018-5382 Security Weakness

Bouncy Castle BKS-V1 is prone to a security weakness.
Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks.

Information

Bugtraq ID: 103453
Class: Design Error
CVE: CVE-2018-5382

Remote: No
Local: Yes
Published: Mar 19 2018 12:00AM
Updated: Mar 19 2018 12:00AM
Credit: Will Dormann
Vulnerable: Bouncy Castle BKS-V1 0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

The Curious Case of the Bouncy Castle BKS Passwords (insights.sei.cmu.edu)
Bouncy Castle Homepage (Bouncy Castle)
Release Notes (bouncycastle)
VU#306792: Bouncy Castle BKS-V1 keystore files vulnerable to trivial hash collis (kb.cert)

Source: www.securityfocus.com

Exploit Collector

Search Exploit