-
Sub-task
-
Resolution: Done
-
Medium
-
None
-
None
-
None
-
Portal Sprint 6, Portal Sprint 7
older version of bouncycastle has vulnerability.
This was fixed in version 2.4.4
https://www.bouncycastle.org/releasenotes.html
"CVE-2016-1000341: DSA signature generation vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55 or earlier, may allow an attacker to gain information about the signatures k value and ultimately the private value as well."