In the Bouncy Castle JCE Provider version 1.55 and earlier, the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024-bit key size. In these earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.bouncycastle:bcprov-jdk14 (Maven) | 0 | 1.56 | N/A |
| org.bouncycastle:bcprov-jdk15 (Maven) | 0 | 1.56 | N/A |
| org.bouncycastle:bcprov-jdk15on (Maven) | 0 | 1.56 | N/A |
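The workaround from the description, explicitly passing DSA parameters to the key pair generator, sketched with the standard JCA API and followed by a check that the generated key really uses those parameters. This is an added example, not code from the advisory or from Bouncy Castle; the class name `ExplicitDsaKeyGen` and the 2048-bit size are assumptions, and it needs a `bcprov` jar on the classpath.

```java
import java.math.BigInteger;
import java.security.AlgorithmParameterGenerator;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.DSAPrivateKey;
import java.security.spec.DSAParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class ExplicitDsaKeyGen {
    static final int P_BITS = 2048; // assumed size for this example; the advisory prescribes none

    static KeyPair generate(SecureRandom random) throws Exception {
        // Create the domain parameters (p, q, g) up front instead of relying on defaults.
        AlgorithmParameterGenerator apg = AlgorithmParameterGenerator.getInstance("DSA", "BC");
        apg.init(P_BITS, random);
        DSAParameterSpec spec = apg.generateParameters().getParameterSpec(DSAParameterSpec.class);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA", "BC");
        kpg.initialize(spec, random); // explicit parameters, never a bare generateKeyPair()
        KeyPair kp = kpg.generateKeyPair();
        verify((DSAPrivateKey) kp.getPrivate(), spec);
        return kp;
    }

    // Fail closed if the key is not bound to the parameters that were passed in.
    static void verify(DSAPrivateKey key, DSAParameterSpec expected) {
        BigInteger p = key.getParams().getP(), q = key.getParams().getQ();
        BigInteger g = key.getParams().getG(), x = key.getX();
        if (!p.equals(expected.getP()) || !q.equals(expected.getQ()) || !g.equals(expected.getG())) {
            throw new IllegalStateException("key does not use the supplied DSA parameters");
        }
        if (p.bitLength() != P_BITS) {
            throw new IllegalStateException("unexpected modulus size: " + p.bitLength());
        }
        if (x.signum() <= 0 || x.compareTo(q) >= 0) {
            throw new IllegalStateException("private value outside [1, q-1]");
        }
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        DSAPrivateKey priv = (DSAPrivateKey) generate(new SecureRandom()).getPrivate();
        System.out.println("p bits: " + priv.getParams().getP().bitLength()
                + ", q bits: " + priv.getParams().getQ().bitLength());
    }
}
```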
CVSS Metrics