3 matches found
UBUNTU-CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
PT-2023-29917
Name of the Vulnerable Software and Affected Versions crypto-js versions prior to 4.2.0 Description The crypto-js library has a weakened PBKDF2 configuration, which is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This...
PT-2023-29866 · Cryptoes · Cryptoes
Name of the Vulnerable Software and Affected Versions: CryptoES versions prior to 2.1.0 Description: The CryptoES PBKDF2 is weaker than originally specified and current industry standards due to defaulting to SHA1 and a single iteration. This weakness can lead to high-impact issues if used for...