4 matches found
Sensitive Data Exposure
Overview Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography ECC implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is n...
Insecure Cryptography
msrcrypto is vulnerable to insecure cryptography. The vulnerability exists as there are issues with the Elliptic Curve Cryptography ECC implementation, allowing invalid ECDSA signatures to be created through the learning of a server's private ECC key...
GHSA-QG3G-2MGH-33J8 Sensitive Data Exposure in msrcrypto
Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography ECC implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no publish...
Sensitive Data Exposure in msrcrypto
Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography ECC implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no publish...