CVE-2018-8319

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.

A Security Feature Bypass vulnerability exists in MSR JavaScript Cryptography Library that is caused by incorrect arithmetic computations, aka "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability." This affects Microsoft Research JavaScript Cryptography Library.

Versions of `msrcrypto` prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability. ## Recommendation Upgrade to version 1.4.1 or later.

Versions of `msrcrypto` prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability. ## Recommendation Upgrade to version 1.4.1 or later.

Existe una vulnerabilidad de omisión de la característica de seguridad en MSR JavaScript Cryptography Library provocada por cálculos aritméticos incorrectos. Esto también se conoce como "MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability". Esto afecta a Microsoft Research JavaScript Cryptography Library.