Lucene search
GoogleOSV:GHSA-9X9J-836W-8F55HistoryJan 06, 2022 - 7:44 p.m.
Incorrect Calculation in the MSR JavaScript Cryptography Library
2022-01-0619:44:01
Google
osv.dev
12
javascript
cryptography
security
bypass
vulnerability
elliptic curve
ecc
key leakage
ecdsa
signature
update
EPSS
0.005
Percentile
76.6%
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability.
Related
cvelist
cvelist
CVE-2020-1026
2020-04-15 15:13:28
prion
prion
Security feature bypass
2020-04-15 15:15:00
github
github
Incorrect Calculation in the MSR JavaScript Cryptography Library
2022-01-06 19:44:01
mscve
mscve
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
2020-04-14 07:00:00
nvd
nvd
CVE-2020-1026
2020-04-15 15:15:20
cve
cve
CVE-2020-1026
2020-04-15 15:15:20
kaspersky
kaspersky
KLA11748 Multiple vulnerabilities in Microsoft Developer Tools
2020-04-14 00:00:00
avleonov
avleonov