CVE-2016-1000345 in JCE Provider

Summary

by MITRE

In the Bouncy Castle JCE Provider version 1.55 and earlier, the DHIES/ECIES CBC mode is vulnerable to a padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.


Analysis

by VulDB Data Team • 09/13/2025

The vulnerability identified as CVE-2016-1000345 affects the Bouncy Castle Java Cryptography Extension (JCE) provider, version 1.55 and earlier. This represents a critical security flaw in the cryptographic library's handling of the Diffie-Hellman Integrated Encryption Scheme (DHIES) and Elliptic Curve Integrated Encryption Scheme (ECIES) when operating in CBC mode. The issue stems from insufficient error handling during decryption operations, creating a timing side channel that exposes the underlying cryptographic weakness to attackers who can observe system behavior patterns.

This vulnerability operates through a padding oracle attack mechanism where the cryptographic implementation provides different timing responses when processing invalid padding versus valid padding during decryption operations. The Bouncy Castle implementation fails to maintain consistent timing behavior regardless of whether padding validation succeeds or fails, allowing an attacker to perform statistical analysis on timing variations to determine the validity of padding. This timing discrepancy creates a predictable oracle that adversaries can exploit to gradually recover the plaintext without possessing the private key.

The operational impact of this vulnerability extends beyond simple information disclosure, as it enables attackers to perform decryption attacks that can compromise the confidentiality of encrypted communications. When an attacker can observe timing differences in the cryptographic operations, they can use this information to iteratively determine the correct padding values and ultimately reconstruct the original plaintext message. This weakness affects any system utilizing BC 1.55 or earlier versions with DHIES/ECIES CBC mode encryption, potentially exposing sensitive data including personal information, financial records, and proprietary communications.

From a cybersecurity perspective, this vulnerability maps directly to CWE-204, which describes information exposure through timing differences, and aligns with ATT&CK technique T1005 (Data from Local System). The vulnerability also demonstrates the characteristics of improper error handling and timing side-channel attacks that are commonly exploited in advanced persistent threat scenarios. Organizations using affected versions of Bouncy Castle should immediately upgrade to version 1.56 or later, where the timing inconsistencies have been addressed through consistent error handling and constant-time operations during padding validation.
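The following is an added illustration and not Bouncy Castle's own code: it places an early-exit PKCS#7 padding check, whose work and error reason depend on where in the final block the padding breaks, beside a branch-free check of the kind a fixed implementation uses, which inspects every byte of the last block and reports one uniform failure. Both functions return the number of byte comparisons performed so the data-dependent behaviour can be observed directly rather than by timing. The block size, the sample messages and the comparison counter are constructed for this example.

```python
# Added example (not Bouncy Castle's code): an early-exit PKCS#7 padding
# check beside a constant-time one. Both return (plaintext_or_None,
# comparisons) so the data-dependent amount of work done by the naive
# version can be asserted on directly instead of timed. Python itself
# gives no constant-time guarantees; the point is the branch-free
# structure that a hardened implementation follows.

BLOCK_SIZE = 16  # AES block size, as used by AES-CBC inside DHIES/ECIES


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append 1..block_size bytes, each equal to the number of pad bytes."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def naive_unpad(padded: bytes):
    """Early-exit check: stops at the first wrong byte and reports distinct
    reasons, so both the amount of work and the failure reason depend on
    where in the final block the padding breaks."""
    comparisons = 1
    pad_len = padded[-1]
    if pad_len == 0 or pad_len > BLOCK_SIZE:
        return None, comparisons           # reason 1: bad length byte
    for i in range(2, pad_len + 1):
        comparisons += 1
        if padded[-i] != pad_len:
            return None, comparisons       # reason 2: bad pad byte, exits early
    return padded[:-pad_len], comparisons


def constant_time_unpad(padded: bytes):
    """Branch-free check: always inspects every byte of the last block and
    folds all mismatches into one flag, so the work done and the single
    failure result do not depend on the position of a bad byte."""
    if len(padded) < BLOCK_SIZE or len(padded) % BLOCK_SIZE:
        # The ciphertext length is public, so rejecting here leaks nothing.
        raise ValueError("ciphertext length is not a multiple of the block size")
    pad_len = padded[-1]
    # Range check 1 <= pad_len <= BLOCK_SIZE via sign bits, with no if-statements.
    bad = ((pad_len - 1) >> 8) & 1             # set when pad_len == 0
    bad |= ((BLOCK_SIZE - pad_len) >> 8) & 1   # set when pad_len > BLOCK_SIZE
    comparisons = 0
    for i in range(1, BLOCK_SIZE + 1):
        comparisons += 1
        byte = padded[-i]
        in_pad = 1 ^ (((pad_len - i) >> 8) & 1)      # 1 when i <= pad_len
        mismatch = ((byte ^ pad_len) + 0xFF) >> 8     # 1 when byte != pad_len
        bad |= in_pad & mismatch
    if bad:
        return None, comparisons               # one result for every failure
    return padded[:-pad_len], comparisons


if __name__ == "__main__":
    good = pkcs7_pad(b"12345678")              # constructed: 8 data + 8 pad bytes
    near = bytearray(good); near[-2] ^= 1      # damage the pad byte next to the end
    far = bytearray(good); far[-8] ^= 1        # damage the first pad byte
    for label, sample in (("good", good), ("near", bytes(near)), ("far", bytes(far))):
        print(label, "naive:", naive_unpad(sample)[1],
              "constant-time:", constant_time_unpad(sample)[1])
```

Run as a script, the naive check performs 2 comparisons when the damaged byte sits next to the end and 8 when it sits at the start of the padding, while the constant-time check performs 16 in every case. The same principle applies to the error path: whatever reason the internal check records, the caller should see a single "decryption failed" outcome.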

The mitigation strategy involves immediate deployment of updated Bouncy Castle libraries that implement proper constant-time padding validation and eliminate timing variations in cryptographic operations. Security teams should also implement monitoring for unusual timing patterns in cryptographic operations and consider network segmentation to limit potential attack vectors. Additionally, organizations should conduct thorough vulnerability assessments to identify all systems utilizing affected BC versions and ensure comprehensive patch management processes are in place to prevent similar vulnerabilities from arising in future cryptographic implementations.
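As an added example of the monitoring the analysis recommends, and not VulDB's or Bouncy Castle's code, the detector below scans application log lines for decryption failures and flags any client whose failures within a sliding window exceed a threshold, which is the pattern a padding-oracle probe produces. The log format, the field names and the client addresses are constructed for this example; a real deployment would adapt the regular expression to whatever the application actually emits.

```python
# Added example (not from VulDB or Bouncy Castle): flag clients that produce
# bursts of decryption failures. The log format and the client identifiers
# are constructed for this example.
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical application log line:
#   <ISO timestamp> <level> client=<addr> op=ecies-decrypt result=<success|failure>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<level>\w+) client=(?P<client>\S+) "
    r"op=ecies-decrypt result=(?P<result>\w+)"
)

# Constructed sample: one client fails six times in 15 seconds, another
# fails twice five minutes apart, and one line is malformed.
SAMPLE_LOG_LINES = [
    "2025-09-13T10:00:00 INFO client=10.0.0.9 op=ecies-decrypt result=success",
    "2025-09-13T10:00:01 WARN client=10.0.0.7 op=ecies-decrypt result=failure",
    "2025-09-13T10:00:03 WARN client=10.0.0.7 op=ecies-decrypt result=failure",
    "2025-09-13T10:00:05 WARN client=10.0.0.9 op=ecies-decrypt result=failure",
    "2025-09-13T10:00:06 WARN client=10.0.0.7 op=ecies-decrypt result=failure",
    "2025-09-13T10:00:09 WARN client=10.0.0.7 op=ecies-decrypt result=failure",
    "this line is malformed and is skipped by the parser",
    "2025-09-13T10:00:12 WARN client=10.0.0.7 op=ecies-decrypt result=failure",
    "2025-09-13T10:00:15 WARN client=10.0.0.7 op=ecies-decrypt result=failure",
    "2025-09-13T10:05:00 WARN client=10.0.0.9 op=ecies-decrypt result=failure",
]


def parse_line(line: str):
    """Return (timestamp, client, result) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["client"], m["result"]


def find_suspicious_clients(lines, threshold: int = 5,
                            window: timedelta = timedelta(seconds=60)):
    """Map each flagged client to the time its failure count in the sliding
    window first reached the threshold. Lines are assumed to be in time order."""
    recent = defaultdict(deque)   # client -> timestamps of recent failures
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, result = parsed
        if result != "failure":
            continue
        q = recent[client]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and client not in flagged:
            flagged[client] = ts
    return flagged


if __name__ == "__main__":
    for client, when in find_suspicious_clients(SAMPLE_LOG_LINES).items():
        print(f"{client}: {when.isoformat()} repeated decryption failures")
```

On the constructed input only 10.0.0.7 is flagged, at its fifth failure; the two failures from 10.0.0.9 fall outside a single 60-second window. A threshold this low suits ECIES endpoints, where a legitimate client should almost never submit undecryptable ciphertext, but it should be tuned against the real failure baseline before alerting on it.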

Reservation

06/04/2018

Disclosure

06/04/2018

Moderation

accepted

CPE

ready

EPSS

0.02596

KEV

no

Activities

very low

Sources
