2 matches found
CVE-2023-46233
CVE-2023-46233 affects crypto-js in Crypto-JS prior to 4.2.0. The PBKDF2 implementation uses SHA1 and a fixed iteration count of 1,000, making it far weaker than the 1993 spec and substantially weaker than current standards. Reported impact is high for password protection and signature generation...
CVE-2020-36732
CVE-2020-36732 affects crypto-js used in IBM-related deployments. The underlying issue: crypto-js versions before 3.2.1 for Node.js generate random numbers by concatenating the string "0." with an integer, yielding less randomness than expected. The NVD metrics show a base score of 5.3 (Medium) w...