PT-2018-18553 · Microsoft · Msr Javascript Cryptography Library

Colin Mcrae

Published

2018-07-11

Updated

2018-09-10

CVE-2018-8319

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MSR JavaScript Cryptography Library versions prior to 1.4.1

Description A Security Feature Bypass issue exists due to incorrect arithmetic computations. This affects the Elliptic Curve Cryptography (ECC) implementation, potentially leaking information about a server's private ECC key and allowing attackers to craft invalid ECDSA signatures that pass as valid.

Recommendations Upgrade to version 1.4.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-682

Related Identifiers

CVE-2018-8319

GHSA-QG3G-2MGH-33J8

Affected Products

Msr Javascript Cryptography Library

PT-2018-18553 · Microsoft · Msr Javascript Cryptography Library

CVE-2018-8319

Weakness Enumeration

Related Identifiers

Affected Products

References · 8