5.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15522

GHSA ID

GHSA-6xx3-rg99-gc3p

EPSS Score

0.62412%

CWE

CWE-203

Published

8/13/2021

Updated

5/30/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15522

CVE-2020-15522: Timing based private key exposure in Bouncy Castle

Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.2.1, BC before 1.66, BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

(GitHub Advisory)

5.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15522

GHSA ID

GHSA-6xx3-rg99-gc3p

EPSS Score

0.62412%

CWE

CWE-203

Published

8/13/2021

Updated

5/30/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.bouncycastle:bc-fips	maven	<= 1.0.2	1.0.2.1
org.bouncycastle:bcprov-ext-jdk15on	maven	< 1.66	1.66
org.bouncycastle:bcprov-ext-jdk16	maven	< 1.66	1.66
org.bouncycastle:bcprov-jdk14	maven	< 1.66	1.66
org.bouncycastle:bcprov-jdk15	maven	< 1.66	1.66
org.bouncycastle:bcprov-jdk15on	maven	< 1.66	1.66
org.bouncycastle:bcprov-jdk15to18	maven	< 1.66	1.66
org.bouncycastle:bcprov-jdk16	maven	< 1.66	1.66
BouncyCastle	nuget	< 1.8.7	1.8.7

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from non-constant-time implementation of EC scalar multiplication in deterministic ECDSA. The Bouncy Castle wiki explicitly references ECPoint.implShamirsTrickWNaf as the location where blinding was added to mitigate timing attacks. This method is critical for signature generation and would appear in profiler traces during cryptographic operations. The lack of blinding in vulnerable versions made execution time dependent on private key bits, enabling side-channel analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*oun*y **stl* ** J*v* ***or* *.**, ** *# .N*T ***or* *.*.*, **-*J* ***or* *.*.*.*, ** ***or* *.**, **-*N* ***or* *.*.*.* **v* * timin* issu* wit*in t** ** m*t* li*r*ry t**t **n *xpos* in*orm*tion **out t** priv*t* k*y w**n *n *tt**k*r is **l* to o*s*

Reasoning

T** vuln*r**ility st*ms *rom non-*onst*nt-tim* impl*m*nt*tion o* ** s**l*r multipli**tion in **t*rministi* ***S*. T** *oun*y **stl* wiki *xpli*itly r***r*n**s `**Point.implS**mirsTri*kWN**` *s t** lo**tion w**r* *lin*in* w*s ***** to miti**t* timin*

5.1

Basic Information

Concerned about an active attack path?

CVE-2020-15522: Timing based private key exposure in Bouncy Castle

5.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI