This vulnerability uses timing variations to recover the most significant bit of the random nonce used during signing. This single bit leakage is enough to recover the full private key after seeing enough signing operations. You can read more about this vulnerability here: Minerva: Leaky Loops.
ForgeRock products are not directly affected by this vulnerability but they run on JDKs which are affected. The SunEC provider in Java® is vulnerable although it has now been patched in the latest updates. SunEC is used in JDK 7 through to JDK 13 (both Oracle® and OpenJDK versions), which makes ForgeRock products running on these unpatched JDKs vulnerable.
Since this vulnerability arises from an issue with the JDK libraries, the patch to fix this issue will come from the Java vendors rather than from ForgeRock. It is recommended you update your JDKs to the latest version to get the fix:
- JDK 11 - fixed version is jdk-11.0.5+10
- JDK 8 - fixed version is jdk8u232-b09
Alternatively, you can mitigate this vulnerability by configuring Java to prefer either the Bouncy Castle provider or the Conscrypt provider as these libraries are not vulnerable. You will need to ensure the corresponding JCE provider JAR is installed and then configure it as the preferred provider in the java.security file (this can be found in the $JAVA_HOME directory; the exact path varies by version but common locations include $JAVA_HOME/jre/lib/security and $JAVA_HOME/conf/security).
Setting up Bouncy Castle Example
- Download the latest bcprov-ext-jdk15on-xxx.jar and bcprov-jdk15on-xxx.jar files from Bouncy Castle if needed; they are listed in the SIGNED JAR FILES section.
- Copy these two jar files to a directory that the JVM searches; the JVM searches the $JAVA_HOME/jre/lib/ext/ directory by default, so this is a good place to put them.
- Ensure the file permissions for these two jar files are set to allow them to be read.
- Update the list of security providers in the JVM to put Bouncy Castle first and then
renumber the other security providers to follow. This list is set in the java.security text file. The security provider list should now look similar to this:
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider security.provider.2=sun.security.provider.Sun [...]This step is recommended by Bouncy Castle and you can read more about it here: The Legion of the Bouncy Castle - Specifications.
- Save this file and restart the relevant ForgeRock product.