Best Technologies

Java 15 introduced a cryptographic vulnerability

by News Room
April 20, 2022
in Security

Oracle has patched a vulnerability in server-side Java that allowed an attacker to forge some kinds of SSL certificates and handshakes, along with several kinds of authentication messages.

The vulnerabilities were discovered by ForgeRock security researcher Neil Madden and documented here.

“If you are using ECDSA [elliptic curve digital signature algorithm] signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU),” Madden wrote of CVE-2022-21449.

“For context, almost all WebAuthn/FIDO [Fast IDentity Online] devices in the real world (including Yubikeys) use ECDSA signatures and many OIDC [OpenID Connect] providers use ECDSA-signed JWTs.”

Madden points out that the affected versions of Java fail to check that two key variables in an ECDSA signature are non-zero.

As a result, an attacker can present any signature value in which those variables are zero – “the digital equivalent of a blank ID card” – and it will be accepted by the server as valid.
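The missing check can be expressed as a range test on the two signature components, conventionally called r and s, each of which must lie between 1 and n-1 where n is the curve's group order. The following is an added example, not code from Oracle, ForgeRock or the original article: a Python pre-filter that parses a P-256 signature in either DER or fixed-width form and rejects out-of-range components. The function names are hypothetical, and the filter only screens inputs; it does not verify a signature.

```python
# Added example: range check on the ECDSA signature components r and s.
# P-256 group order n (public curve constant).
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def _read_der_int(buf, pos):
    """Read one DER INTEGER at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag")
    length = buf[pos + 1]
    if length == 0 or length >= 0x80:  # short-form lengths cover P-256
        raise ValueError("unsupported INTEGER length")
    start, end = pos + 2, pos + 2 + length
    if end > len(buf):
        raise ValueError("truncated INTEGER")
    if buf[start] & 0x80:
        raise ValueError("negative INTEGER")
    return int.from_bytes(buf[start:end], "big"), end

def parse_der_signature(sig):
    """Parse ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }."""
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] >= 0x80 or sig[1] != len(sig) - 2:
        raise ValueError("malformed SEQUENCE")
    r, pos = _read_der_int(sig, 2)
    s, pos = _read_der_int(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes")
    return r, s

def parse_raw_signature(sig, size=32):
    """Parse the fixed-width r || s form used by JWT ES256."""
    if len(sig) != 2 * size:
        raise ValueError("wrong length")
    return int.from_bytes(sig[:size], "big"), int.from_bytes(sig[size:], "big")

def components_in_range(r, s, n=P256_N):
    """ECDSA verification must reject unless 1 <= r < n and 1 <= s < n."""
    return 0 < r < n and 0 < s < n

def precheck(sig, fmt):
    """Return True only if sig parses and both components are in range."""
    try:
        r, s = parse_der_signature(sig) if fmt == "der" else parse_raw_signature(sig)
    except ValueError:
        return False
    return components_in_range(r, s)

if __name__ == "__main__":
    # Constructed inputs: zero-valued components, then small non-zero ones.
    print(precheck(bytes.fromhex("3006020100020100"), "der"))
    print(precheck(bytes.fromhex("3006020101020102"), "der"))
```
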

He said the bug was introduced by a rewrite of the relevant code from C++ to Java, which happened when Java 15 was released in 2020.

The bug was discovered and reported last November, and fixed in Oracle’s April Critical Patch Update (CPU).

While Oracle only assigned the bug 7.5 (high rated) under the Common Vulnerability Scoring System, ForgeRock disagreed, rating it 10.0 “due to the wide range of impacts on different functionality in an access management context”.

The Java bug is one of more than 500 patches released in the April CPU.

Source: ITNews

© 2022 All Right Reserved - Blue Planet Global Media Network
