Java 15 introduced a cryptographic vulnerability

Oracle has patched a vulnerability in server-side Java that allowed an attacker to forge some kinds of SSL certificates and handshakes, along with several kinds of authentication messages.

The vulnerabilities were discovered by ForgeRock security researcher Neil Madden and documented here.

“If you are using ECDSA [elliptic curve digital signature algorithm] signatures for any of these security mechanisms, then an attacker can trivially and completely bypass them if your server is running any Java 15, 16, 17, or 18 version before the April 2022 Critical Patch Update (CPU),” Madden wrote of CVE-2022-21449.

“For context, almost all WebAuthn/FIDO [Fast IDentity Online] devices in the real world (including Yubikeys) use ECDSA signatures and many OIDC [OpenID Connect] providers use ECDSA-signed JWTs.”

Madden points out that the affected versions of Java never check that the two values making up an ECDSA signature are non-zero.

As a result, an attacker can present any signature value in which those variables are zero – “the digital equivalent of a blank ID card” – and it will be accepted by the server as valid.

He said the bug was introduced by a rewrite of the relevant code from C++ to Java, which happened when Java 15 was released in 2020.

The bug was discovered and reported last November, and fixed in Oracle’s April Critical Patch Update (CPU).

While Oracle assigned the bug a score of only 7.5 (High) under the Common Vulnerability Scoring System, ForgeRock disagreed, rating it 10.0 “due to the wide range of impacts on different functionality in an access management context”.

The Java bug is one of more than 500 patches released in the April CPU.