PT-2023-29866 · Cryptoes · Cryptoes
Zemnmez · Published 2023-10-24 · Updated 2023-11-08
CVE-2023-46133
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
CryptoES versions prior to 2.1.0
Description
The PBKDF2 implementation in CryptoES is weaker than originally specified and weaker than current industry standards because it defaults to SHA1 and a single iteration. This weakness can lead to high-impact issues if it is used for password protection or signature generation. The estimated number of potentially affected devices is high, with at least 10,642 public users and a likely higher number of transient dependents.
Recommendations
For versions prior to 2.1.0, configure CryptoES to use SHA256 with at least 250,000 iterations as a workaround.
For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue.
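The following added example (not code from the advisory or from CryptoES) uses Node's built-in `crypto` module to show why the SHA1, single-iteration default provides no key stretching, and how a caller can enforce the workaround floor of SHA256 with 250,000 iterations. The helper names and the sample password and salt are assumptions made for illustration.

```javascript
// Added example: uses Node's built-in crypto module, not the CryptoES API.
const crypto = require('node:crypto');

// Defaults the advisory attributes to CryptoES before 2.1.0.
const LEGACY_DEFAULTS = { digest: 'sha1', iterations: 1 };
// Workaround floor from the advisory: SHA256, at least 250,000 iterations.
const HARDENED = { digest: 'sha256', iterations: 250000 };

// Hypothetical helper: PBKDF2 with explicit parameters, nothing left to defaults.
function deriveKey(password, salt, { digest, iterations }, keyLen = 32) {
  return crypto.pbkdf2Sync(password, salt, iterations, keyLen, digest);
}

// With one iteration, the first PBKDF2 block is a single HMAC over
// salt || INT(1) (RFC 8018, section 5.2), so there is no key stretching.
function singleHmacBlock(password, salt, digest) {
  return crypto.createHmac(digest, password)
    .update(salt)
    .update(Buffer.from([0, 0, 0, 1]))
    .digest();
}

// Hypothetical policy check: list the reasons a parameter set falls below
// the advisory's workaround. An empty array means acceptable.
function weakParamReasons({ digest, iterations }) {
  const reasons = [];
  if (digest !== HARDENED.digest) reasons.push(`digest ${digest} is not ${HARDENED.digest}`);
  if (!Number.isInteger(iterations) || iterations < HARDENED.iterations) {
    reasons.push(`iterations ${iterations} < ${HARDENED.iterations}`);
  }
  return reasons;
}

// Refuse to derive a key from parameters that fail the check.
function deriveKeyChecked(password, salt, params, keyLen = 32) {
  const reasons = weakParamReasons(params);
  if (reasons.length > 0) throw new Error(`weak PBKDF2 parameters: ${reasons.join('; ')}`);
  return deriveKey(password, salt, params, keyLen);
}

// Constructed sample inputs (not from the advisory).
const samplePassword = 'correct horse battery staple';
const sampleSalt = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');

const legacy = deriveKey(samplePassword, sampleSalt, LEGACY_DEFAULTS, 20);
console.log('legacy == one HMAC-SHA1:',
  legacy.equals(singleHmacBlock(samplePassword, sampleSalt, 'sha1')));
console.log('legacy check:', weakParamReasons(LEGACY_DEFAULTS));
console.log('hardened key:', deriveKeyChecked(samplePassword, sampleSalt, HARDENED).toString('hex'));
```

Keys derived under the old defaults do not match keys derived with the hardened parameters, so stored hashes or wrapped keys need to be re-derived after the change.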
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Related identifiers
Affected products
Cryptoes