https://fis.blackducksoftware.com/api/vulnerabilities/BDSA-2018-5235/overview
Bouncy Castle contains a weak key-hash message authentication code (HMAC) that is only 16 bits long which can result in hash collisions. This is due to an error within the BKS version 1 keystore (BKS-V1) files and could lead to an attacker being able to affect the integrity of these files.
Note: This issue issue occurs due to functionality that was re-introduced following the fix for CVE-2018-5382 (BDSA-2018-1190).
https://fis.blackducksoftware.com/api/vulnerabilities/BDSA-2018-5235/overview
Bouncy Castle contains a weak key-hash message authentication code (HMAC) that is only 16 bits long which can result in hash collisions. This is due to an error within the BKS version 1 keystore (BKS-V1) files and could lead to an attacker being able to affect the integrity of these files.
Note: This issue issue occurs due to functionality that was re-introduced following the fix for CVE-2018-5382 (BDSA-2018-1190).