crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
A vulnerability was found in crypto-js in how PBKDF2 is 1,000 times weaker than originally specified in 1993 and at least 1,300,000 times weaker than the current industry standard. This issue is because both default to SHA1, a cryptographic hash algorithm considered insecure since at least 2005,...