First published: Mon Jun 04 2018
In the Bouncy Castle JCE Provider version 1.55 and earlier, the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | <=1.55 | |
CVE-2016-1000352 is a vulnerability in the Bouncy Castle JCE Provider version 1.55 and earlier that allowed for the use of ECB mode, which is regarded as unsafe.
CVE-2016-1000352 has a severity rating of 7.4 (high).
To fix CVE-2016-1000352, update the Bouncy Castle JCE Provider to version 1.56 or later.
The affected software for CVE-2016-1000352 includes Bouncy Castle JCE Provider version 1.55 and earlier.
The CWE ID for CVE-2016-1000352 is CWE-310.
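To check a Maven build against the affected range above (1.55 and earlier, fixed in 1.56), the following added example, which is not part of the original advisory or of Bouncy Castle, scans a `pom.xml` for directly declared provider artifacts. It assumes the provider is declared under group `org.bouncycastle` with an artifact id starting with `bcprov`; the sample POM is constructed, and transitive dependencies are not resolved.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (1, 56)  # first fixed release according to the advisory text

# Constructed pom.xml for illustration; not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><bc.version>1.55</bc.version></properties>
  <dependencies>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk15on</artifactId><version>${bc.version}</version></dependency>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-ext-jdk15on</artifactId><version>1.56</version></dependency>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk14</artifactId></dependency>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcpkix-jdk15on</artifactId><version>1.55</version></dependency>
  </dependencies>
</project>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix ElementTree adds

def _children(el):
    return {_local(c.tag): (c.text or "").strip() for c in el}

def parse_version(text):
    """'1.55' -> (1, 55); None when the string is not a dotted numeric version."""
    m = re.match(r"(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def find_provider_versions(pom_text):
    """Return (artifactId, version, status) for each declared bcprov* dependency."""
    root = ET.fromstring(pom_text)
    props = {}
    for el in root.iter():
        if _local(el.tag) == "properties":
            props.update(_children(el))
    findings = []
    for dep in root.iter():
        if _local(dep.tag) != "dependency":
            continue
        f = _children(dep)
        if f.get("groupId") != "org.bouncycastle" or not f.get("artifactId", "").startswith("bcprov"):
            continue  # only the provider jars are in scope for this advisory
        # Resolve ${property} references; unresolved or missing versions need manual review.
        version = re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), f.get("version", ""))
        parsed = parse_version(version)
        status = "review" if parsed is None else "affected" if parsed < FIXED else "fixed"
        findings.append((f["artifactId"], version, status))
    return findings
```

A `review` status means the version is inherited from a parent POM or could not be parsed, so the effective version has to be confirmed from the resolved dependency tree.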