cve/2016/CVE-2016-1000343.md

### [CVE-2016-1000343](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000343)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In the Bouncy Castle JCE Provider version 1.55 and earlier the DSA key pair generator generates a weak private key if used with default values. If the JCA key pair generator is not explicitly initialised with DSA parameters, 1.55 and earlier generates a private value assuming a 1024 bit key size. In earlier releases this can be dealt with by explicitly passing parameters to the key pair generator.

### POC

#### Reference
- https://www.oracle.com/security-alerts/cpuoct2020.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Anonymous-Phunter/PHunter
- https://github.com/CGCL-codes/PHunter
- https://github.com/CyberSource/cybersource-sdk-java
- https://github.com/IkerSaint/VULNAPP-vulnerable-app
- https://github.com/LibHunter/LibHunter
- https://github.com/pctF/vulnerable-app