PT-2020-2276 · Microsoft · Msr Javascript Cryptography Library

Published

2020-04-14

Updated

2022-01-06

CVE-2020-1026

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MSR JavaScript Cryptography Library (affected versions not specified)

Description A security issue exists in the MSR JavaScript Cryptography Library due to multiple bugs in its Elliptic Curve Cryptography (ECC) implementation. This could allow an attacker to potentially learn information about a server's private ECC key or craft an invalid ECDSA signature that passes as valid. The issue is related to incorrect calculations in the ECC implementation, which could enable a remote attacker to gain unauthorized access to protected information.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347CWE-200CWE-682

Related Identifiers

BDU:2020-02219

CVE-2020-1026

GHSA-9X9J-836W-8F55

Affected Products

Msr Javascript Cryptography Library

PT-2020-2276 · Microsoft · Msr Javascript Cryptography Library

CVE-2020-1026

Weakness Enumeration

Related Identifiers

Affected Products

References · 5