2 matches found
PT-2023-29917
Name of the Vulnerable Software and Affected Versions crypto-js versions prior to 4.2.0 Description The crypto-js library has a weakened PBKDF2 configuration, which is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This...
PT-2023-29866 · Cryptoes · Cryptoes
Name of the Vulnerable Software and Affected Versions: CryptoES versions prior to 2.1.0 Description: The CryptoES PBKDF2 is weaker than originally specified and current industry standards due to defaulting to SHA1 and a single iteration. This weakness can lead to high-impact issues if used for...