PT-2020-21070 · Unknown · Simple-Crypto-Js

Published: 2020-09-03 · Updated: 2020-09-03

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: simple-crypto-js versions prior to 2.3.0

Description: The issue concerns the use of AES-CBC with PKCS#7 padding, which is susceptible to padding oracle attacks. This could potentially allow attackers to break the encryption and access sensitive data.

Recommendations: For simple-crypto-js versions prior to 2.3.0, upgrade to version 2.3.0 or later.
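
What makes unauthenticated AES-CBC with PKCS#7 padding an oracle, and what verifying a MAC before decryption changes, shown as an added example. It is not simple-crypto-js code and does not describe how 2.3.0 fixes the issue. It uses Node's built-in `crypto`; the keys, IV, plaintext and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed demo values (not from the advisory); fixed so the run is reproducible.
const encKey = Buffer.alloc(32, 0x11);
const macKey = Buffer.alloc(32, 0x22);
const iv = Buffer.alloc(16, 0x33);
// 15-byte plaintext -> one block ending in a single 0x01 padding byte.
const sample = Buffer.from('fifteen bytes!!', 'utf8');

function cbcEncrypt(plaintext) {
  const c = crypto.createCipheriv('aes-256-cbc', encKey, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}

// Unauthenticated decrypt: the outcome reveals whether the padding was valid.
function cbcDecryptRaw(msg) {
  try {
    const d = crypto.createDecipheriv('aes-256-cbc', encKey, msg.subarray(0, 16));
    Buffer.concat([d.update(msg.subarray(16)), d.final()]);
    return 'decrypted'; // may be altered plaintext; nothing detects the change
  } catch {
    return 'padding-error';
  }
}

// Encrypt-then-MAC: HMAC-SHA256 over IV||ciphertext, checked before any decryption.
function seal(plaintext) {
  const body = cbcEncrypt(plaintext);
  const tag = crypto.createHmac('sha256', macKey).update(body).digest();
  return Buffer.concat([body, tag]);
}

function openSealed(sealed) {
  if (sealed.length < 16 + 16 + 32) return 'rejected';
  const body = sealed.subarray(0, sealed.length - 32);
  const tag = sealed.subarray(sealed.length - 32);
  const want = crypto.createHmac('sha256', macKey).update(body).digest();
  // Constant-time compare; every modified message gets the same answer.
  if (!crypto.timingSafeEqual(tag, want)) return 'rejected';
  return cbcDecryptRaw(body);
}

// Return a copy of msg with one bit flipped at the given offset.
function flip(msg, offset) {
  const out = Buffer.from(msg);
  out[offset] ^= 0x01;
  return out;
}
```

With raw CBC, a modification that lands on the padding byte fails differently from one that does not, and that difference is the signal a padding oracle relies on; with the MAC check in front, both modifications are rejected identically.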

Fix

Use of a Broken Cryptographic Algorithm


Weakness Enumeration

Related Identifiers: GHSA-5V7R-JG9R-VQ44

Affected Products: Simple-Crypto-Js