CVE Published: 13/12/2017 |
CVE Updated: 16/09/2024 |
CVE Year: 2017 Source: certcc |
Vendor: Legion of the Bouncy Castle |
Product: BouncyCastle TLS Status : PUBLISHED
CVE-2017-13098 Description
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."