Vigil@nce - Bouncy Castle: MD5 allowed in TLS 1.2
January 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can create a collision with a weak algorithm such as
MD5 in a TLS 1.2 session of Bouncy Castle, in order to capture
data belonging to this session.
– Impacted products: Bouncy Castle JCE.
– Severity: 1/4.
– Creation date: 30/12/2015.
DESCRIPTION OF THE VULNERABILITY
The Bouncy Castle library implements TLS version 1.2.
However, Bouncy Castle does not check if the algorithm used in the
DigitallySigned structure is part of the accepted algorithms
indicated in the signature_algorithms extension or the
CertificateRequest message.
This vulnerability has the same origin than VIGILANCE-VUL-18586.
An attacker can therefore create a collision with a weak algorithm
such as MD5 in a TLS 1.2 session of Bouncy Castle, in order to
capture data belonging to this session.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Bouncy-Castle-MD5-allowed-in-TLS-1-2-18615