IBM Support

PK99469: Timing attack vulnerabilities in MessageDigest.isEqual method. (Sunbug Alert 6863503)

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Error Message: N/A
    .
    Stack Trace: N/A
    .
    N/A
    

Local fix

  • N/A
    

Problem summary

  • Applications that validate HMAC - based digital signatures may
    bypass authentication.
    

Problem conclusion

  • This defect will be fixed in:
    1.4.2 SR13 FP3
    
    Integrating Sunbug Alert 6863503 to avoid timing attack
    vulnerabilities in MessageDigest.isEqual method.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK99469

  • Reported component name

    JAVA(1.3/1.4 CO

  • Reported component ID

    5648C9800

  • Reported release

    42A

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2009-10-23

  • Closed date

    2010-03-03

  • Last modified date

    2010-03-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA(1.3/1.4 CO

  • Fixed component ID

    5648C9800

Applicable component levels

  • R14A PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.4.2","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
09 February 2022