PT-2023-29866 · Cryptoes · Cryptoes
Zemnmez · Published 2023-10-24 · Updated 2023-11-08 · CVE-2023-46133
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
CryptoES versions prior to 2.1.0
Description
The CryptoES PBKDF2 implementation is weaker than originally specified and weaker than current industry standards because it defaults to SHA1 and a single iteration. This weakness can lead to high-impact issues if the derived output is used for password protection or signature generation. The estimated number of potentially affected devices is high, with at least 10,642 public users and a likely higher number of transient dependents.
Recommendations
For versions prior to 2.1.0, configure CryptoES to use SHA256 with at least 250,000 iterations as a workaround.
For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue.
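The workaround above, shown beside the weak default, as an added example that uses Node.js's built-in `crypto` module rather than CryptoES itself (it is not code from the project); the function names and the stored-record layout are assumptions made for illustration. It goes one step beyond the advisory by flagging records derived with the weak settings so they can be re-hashed after a successful login.

```javascript
// Added example: Node.js built-in crypto, not CryptoES code.
const { pbkdf2Sync, randomBytes, timingSafeEqual } = require('node:crypto');

// Weak settings the advisory describes as the default before 2.1.0.
const LEGACY = { digest: 'sha1', iterations: 1 };
// Workaround floor stated in the advisory.
const HARDENED = { digest: 'sha256', iterations: 250000 };
const KEY_LEN = 32; // derived key length in bytes (assumption for this example)

// Return findings for a PBKDF2 parameter set; an empty list means it meets the floor.
function auditParams({ digest, iterations }) {
  const findings = [];
  if (String(digest).toLowerCase() === 'sha1') findings.push('digest is SHA1');
  if (!Number.isInteger(iterations) || iterations < HARDENED.iterations) {
    findings.push(`iterations ${iterations} < ${HARDENED.iterations}`);
  }
  return findings;
}

// Derive a key and keep the parameters beside it, so old records stay verifiable
// and can be told apart from hardened ones (hypothetical record layout).
function hashPassword(password, params = HARDENED, salt = randomBytes(16)) {
  const key = pbkdf2Sync(password, salt, params.iterations, KEY_LEN, params.digest);
  return { ...params, salt: salt.toString('hex'), key: key.toString('hex') };
}

// Verify with the parameters stored in the record, in constant time, and report
// whether a successfully verified record should be re-hashed with HARDENED.
function verifyPassword(password, record) {
  const salt = Buffer.from(record.salt, 'hex');
  const expected = Buffer.from(record.key, 'hex');
  const actual = pbkdf2Sync(password, salt, record.iterations, expected.length, record.digest);
  const ok = timingSafeEqual(actual, expected);
  return { ok, needsRehash: ok && auditParams(record).length > 0 };
}

// Constructed sample: one record made with the weak defaults, one with the workaround.
const legacyRecord = hashPassword('constructed-sample-pw', LEGACY);
const hardenedRecord = hashPassword('constructed-sample-pw');
console.log(auditParams(legacyRecord), verifyPassword('constructed-sample-pw', legacyRecord));
console.log(auditParams(hardenedRecord), verifyPassword('constructed-sample-pw', hardenedRecord));
```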
Exploit
Fix
Use of a Broken Cryptographic Algorithm
Related Identifiers
Affected Products
Cryptoes