13 matches found
EUVD-2023-2840
Malicious code in bioql PyPI...
AZL-43360 CVE-2024-28102 affecting package python-jwcrypto 0.6.0-9
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
Debian dla-3669 : libjs-cryptojs - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3669 advisory. Debian LTS Advisory DLA-3669-1 https://www.debian.org/lts/security/...
CVE-2023-46233
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm...
CVE-2023-46233
CVE-2023-46233 affects crypto-js in Crypto-JS prior to 4.2.0. The PBKDF2 implementation uses SHA1 and a fixed iteration count of 1,000, making it far weaker than the 1993 spec and substantially weaker than current standards. Reported impact is high for password protection and signature generation...
MAL-2022-2252 Malicious code in crypto-standarts (npm)
Source: ghsa-malware f685dfa0855f5ffe22e60fd2899c1d19f071cb7b6f232d7e60a79f71d3410244. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Node.js third-party modules: [crypto-js] Insecure entropy source - Math.random()
Module name: crypto-js. Version: 3.1.9-1. npm page: https://www.npmjs.com/package/crypto-js. Module description: JavaScript library of crypto standards. Module stats: 184959 downloads in the last day, 912568 downloads in the last week...
Export-Grade Crypto Patching Improves
LAS VEGAS – The FREAK, LOGJAM and DROWN attacks of the last 17 months weren’t just the work of academics and security researchers who found a cool way to unmask encrypted traffic. They were ugly reminders of the Crypto Wars of the 1990s and why export-grade cryptography and intentional encryption...
Matthew Green on the NSA and Compromising Crypto Standards
Dennis Fisher talks with Matthew Green of Johns Hopkins University about the NSA’s “regret” for continuing to support Dual EC after it had been shown to be compromised, the effects of the agency’s influence on crypto standards and the hope for more secure standards in the future. Download:...
EFF, Privacy Groups Say NIST Crypto Standards Must be Free From Backdoors
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create “a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.” The letter comes at a time when the agency is ...
House Initiates NIST-NSA Separation on Crypto Standards
Eight months after an explosive revelation that encryption standards developed and evaluated by the National Security Agency were allegedly subverted by the intelligence outfit, a House committee has moved to sever the NSA’s involvement in the standards process. An amendment to the Frontiers in...
Experts Urge Conservatism on Crypto Standards
SAN FRANCISCO–Security people are, by nature, cautious and methodical, and that is even more true of cryptographers. And in the current environment, when new adversaries seem to emerge on a daily basis and cryptographic standards are under intense scrutiny, a panel of some of the biggest names in...
NIST Reviews Crypto Standards Development
The National Institute for Standards and Technology has taken an important step toward repairing what the National Security Agency has allegedly fractured by initiating a review of its cryptographic standards development processes. NIST-sponsored algorithms are at the heart of numerous crypto...