AnonymousNODEJS:1672RSA signature validation vulnerability
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
Overview
Impact
Vulnerable versions of jsrsasign will accept RSA signature with improper PKCS#1.5 padding.
Decoded RSA signature value consists following form:
01(ff…(8 or more ffs)…ff)00[ASN.1 OF DigestInfo]
Its byte length shall be the same as RSA key length however such checking was not sufficient.
To make crafted message for practical attack is very hard.
Patches
Users validating RSA signature should upgrade to 10.2.0 or later.
Workarounds
There is no workaround. Not to use RSA signature validation in jsrsasign.
Recommendation
Upgrade to version 10.2.0 or later
References
Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N