Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2025/05/23 3:54 a.m.4 views

CVE-2023-46133

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...

9.1CVSS6.7AI score0.00182EPSS
Exploits1References1
NVD
NVDadded 2023/10/25 9:15 p.m.7 views

CVE-2023-46133

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...

9.1CVSS9.2AI score0.00182EPSS
Exploits1References2
Prion
Prionadded 2023/10/25 9:15 p.m.7 views

Code injection

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...

6.4CVSS9.1AI score0.00182EPSS
Exploits1References2Affected Software1
Cvelist
Cvelistadded 2023/10/25 8:48 p.m.20 views

CVE-2023-46133 crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...

9.1CVSS9.4AI score0.00182EPSS
Exploits1References2
CVE
CVEadded 2023/10/25 8:48 p.m.56 views

CVE-2023-46133

CVE-2023-46133 documents a weakness in CryptoES prior to v2.1.0 where PBKDF2 was configured by default to use SHA-1 with a single iteration (1,000), making it far weaker than the 1993 specification and current standards. This can impact password protection and digital signatures. A patch is avail...

9.1CVSS9.2AI score0.00182EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2023/10/25 8:48 p.m.13 views

CVE-2023-46133 crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a...

9.1CVSS7.1AI score0.00182EPSS
Exploits1References2
CNNVD
CNNVDadded 2023/10/25 12:0 a.m.2 views

CryptoES Security Vulnerability

CryptoES is a library of cryptographic algorithms compatible with ES6 and TypeScript. A security vulnerability exists in CryptoES that stems from the use of an insecure cryptographic hash algorithm...

9.1CVSS6.8AI score0.00182EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2023/10/24 12:0 a.m.3 views

PT-2023-29866 · Cryptoes · Cryptoes

Name of the Vulnerable Software and Affected Versions: CryptoES versions prior to 2.1.0 Description: The CryptoES PBKDF2 is weaker than originally specified and current industry standards due to defaulting to SHA1 and a single iteration. This weakness can lead to high-impact issues if used for...

9.1CVSS9.3AI score0.00182EPSS
Exploits1References8
Rows per page
Query Builder