Vulnerabilities

CVE-2015-7940

by Fred · 09/11/2015

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Date published : 2015-11-09

http://www.securityfocus.com/bid/79091

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Similar

Tags: Cybersecurity Alert