63 matches found
CVE-2023-46233
CVE-2023-46233 affects crypto-js in Crypto-JS prior to 4.2.0. The PBKDF2 implementation uses SHA1 and a fixed iteration count of 1,000, making it far weaker than the 1993 spec and substantially weaker than current standards. Reported impact is high for password protection and signature generation...
CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
CVE-2023-46233 crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
PT-2023-29917
Name of the Vulnerable Software and Affected Versions crypto-js versions prior to 4.2.0 Description The crypto-js library has a weakened PBKDF2 configuration, which is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This...
crypto-js encryption issue vulnerability
crypto-js is a JavaScript library open-sourced by Brix. A security vulnerability exists in crypto-js versions prior to 4.2.0 that stems from the use of an insecure cryptographic hash algorithm...
@cityofzion/neon-core (>=4.7.2 <=4.8.0), balanceofsatoshis (=5.19.0) potentially affected by CVE-2020-36732 via crypto-js (=3.2.0)
crypto-js NPM version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on crypto-js and may be impacted: - @cityofzion/neon-core =4.7.2, =4.8.0 - balanceofsatoshis =5.19.0 Source cves: CVE-2020-36732 Source advisory: OSV:GHSA-3W3W-PXMM-2W2J...
GHSA-3W3W-PXMM-2W2J crypto-js uses insecure random numbers
The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
crypto-js uses insecure random numbers
The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Integer overflow
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Node.js 安全特征问题漏洞
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings, but using integers, which makes the output predictable...
PT-2023-11874
Name of the Vulnerable Software and Affected Versions: crypto-js versions prior to 3.2.1 Description: The issue concerns the generation of random numbers in the crypto-js package. Specifically, it concatenates the string "0." with an integer, making the output more predictable than necessary...
CVE-2020-36732
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...
Insecure Cryptography Algorithm in simple-crypto-js
Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...
GHSA-5V7R-JG9R-VQ44 Insecure Cryptography Algorithm in simple-crypto-js
Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...
detherjs (>=4.2.3 <=4.2.15), secure-cookies-js (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via simple-crypto-js (>=1.1.0 <=1.1.1)
simple-crypto-js NPM version =1.1.0, =4.2.3, =1.0.0, =0.1.1, =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-5V7R-JG9R-VQ44...
jl-wechat-sdk (>=1.0.0 <=1.2.3) potentially affected by unknown CVE via crpyto-js (=0.0.1-security)
crpyto-js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on crpyto-js and may be impacted: - jl-wechat-sdk =1.0.0, =1.2.3 Source cves: unknown CVE Source advisory: OSV:GHSA-73C6-VWJH-G3QH...