Lucene search
K

63 matches found

CVE
CVE
added 2023/10/25 8:49 p.m.298 views

CVE-2023-46233

CVE-2023-46233 affects crypto-js in Crypto-JS prior to 4.2.0. The PBKDF2 implementation uses SHA1 and a fixed iteration count of 1,000, making it far weaker than the 1993 spec and substantially weaker than current standards. Reported impact is high for password protection and signature generation...

9.1CVSS9.1AI score0.00635EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2023/10/25 8:49 p.m.30 views

CVE-2023-46233

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS8.4AI score0.00635EPSS
Exploits0
Cvelist
Cvelist
added 2023/10/25 8:49 p.m.48 views

CVE-2023-46233 crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...

9.1CVSS9.3AI score0.00635EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.6 views

PT-2023-29917

Name of the Vulnerable Software and Affected Versions crypto-js versions prior to 4.2.0 Description The crypto-js library has a weakened PBKDF2 configuration, which is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This...

9.1CVSS8.2AI score0.00635EPSS
Exploits0References22
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.14 views

crypto-js encryption issue vulnerability

crypto-js is a JavaScript library open-sourced by Brix. A security vulnerability exists in crypto-js versions prior to 4.2.0 that stems from the use of an insecure cryptographic hash algorithm...

9.1CVSS6.7AI score0.00635EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2023/06/12 3:30 a.m.4 views

@cityofzion/neon-core (>=4.7.2 <=4.8.0), balanceofsatoshis (=5.19.0) potentially affected by CVE-2020-36732 via crypto-js (=3.2.0)

crypto-js NPM version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on crypto-js and may be impacted: - @cityofzion/neon-core =4.7.2, =4.8.0 - balanceofsatoshis =5.19.0 Source cves: CVE-2020-36732 Source advisory: OSV:GHSA-3W3W-PXMM-2W2J...

5.3CVSS6.4AI score0.01075EPSS
Exploits0
OSV
OSV
added 2023/06/12 3:30 a.m.4 views

GHSA-3W3W-PXMM-2W2J crypto-js uses insecure random numbers

The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.3CVSS7.1AI score0.01075EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2023/06/12 3:30 a.m.20 views

crypto-js uses insecure random numbers

The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.3CVSS6.7AI score0.01075EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2023/06/12 2:15 a.m.18 views

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.3CVSS5.7AI score0.01075EPSS
Exploits0References6
OSV
OSV
added 2023/06/12 2:15 a.m.26 views

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.3CVSS7.2AI score
Exploits0References6
Prion
Prion
added 2023/06/12 2:15 a.m.13 views

Integer overflow

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5CVSS5.7AI score0.01075EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2023/06/12 2:15 a.m.39 views

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.3CVSS6.8AI score0.01075EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/06/12 12:0 a.m.15 views

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

5.7AI score0.01075EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/06/12 12:0 a.m.3 views

Node.js 安全特征问题漏洞

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in versions of Node.js prior to version 3.2.1 that stems from the crypto-js package generating random numbers by concatenating strings, but using integers, which makes the output predictable...

5.3CVSS6.7AI score0.01075EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/06/12 12:0 a.m.4 views

PT-2023-11874

Name of the Vulnerable Software and Affected Versions: crypto-js versions prior to 3.2.1 Description: The issue concerns the generation of random numbers in the crypto-js package. Specifically, it concatenates the string "0." with an integer, making the output more predictable than necessary...

5.3CVSS5.8AI score0.01075EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2023/06/12 12:0 a.m.8 views

CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary...

7.2AI score0.01075EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2020/09/03 9:19 p.m.20 views

Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...

4.9AI score
Exploits0References6Affected Software1
OSV
OSV
added 2020/09/03 9:19 p.m.6 views

GHSA-5V7R-JG9R-VQ44 Insecure Cryptography Algorithm in simple-crypto-js

Versions of simple-crypto-js prior to 2.3.0 use AES-CBC with PKCS7 padding, which is vulnerable to padding oracle attacks. This may allow attackers to break the encryption and access sensitive data. Recommendation Upgrade to version 2.3.0 or later...

5.9CVSS7AI score
Exploits0References6
vulnersOsv
vulnersOsv
added 2020/09/03 9:19 p.m.3 views

detherjs (>=4.2.3 <=4.2.15), secure-cookies-js (>=1.0.0 <=1.1.1) +1 more potentially affected by unknown CVE via simple-crypto-js (>=1.1.0 <=1.1.1)

simple-crypto-js NPM version =1.1.0, =4.2.3, =1.0.0, =0.1.1, =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-5V7R-JG9R-VQ44...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2020/09/03 7:40 p.m.4 views

jl-wechat-sdk (>=1.0.0 <=1.2.3) potentially affected by unknown CVE via crpyto-js (=0.0.1-security)

crpyto-js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on crpyto-js and may be impacted: - jl-wechat-sdk =1.0.0, =1.2.3 Source cves: unknown CVE Source advisory: OSV:GHSA-73C6-VWJH-G3QH...

5.8AI score
Exploits0
Rows per page
Query Builder