Keycloak 11 & CVE-2018-5382 bouncycastle. Is BKS-1 enabled?

cmorrissey · August 27, 2020, 11:35am

Keycloak 11 is vulnerable to CVE-2018-5382 because of its dependency on: org.bouncycastle bcprov-ext-jdk15on

To remediate the vulnerability one must disable the use of BKS-1 (legacy signature format).

Please confirm if Keycloak 11 uses BKS-1.

klose4711 · September 11, 2020, 10:08am

Hi all,

I have the same question. Can anyone help with this or is there any link with more information about this problem available?

Thanks!

klose4711 · September 24, 2020, 1:30pm

Can anybody help with this problem?

Topic		Replies	Views
Keycloak and FIPS mode	0	893	October 5, 2021
Is Keycloak affected by CVE-2022-46364?	0	362	January 16, 2023
Keycloak server running SHA-1 operation Getting advice	2	622	February 17, 2022
Keycloak legacy V 18.0.0 CVE Vulnerability Getting advice oidc	0	383	December 3, 2022
CVE-2020-1714 remote code execution before Keycloak 11 Getting advice	5	2020	June 10, 2020