jsrsasign Weak Encryption Vulnerability

Vulnerability

A vulnerability exists in jsrsasign version 11.1.0 in which the encryption strength is inadequate: the HMAC and RSA key lengths used in the JSON Web Signature (JWS) implementation do not comply with recommended security standards. This weakness could potentially be exploited, leading to serious security risks.
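The following is an added example, not code from jsrsasign or from this advisory: a Node.js pre-check that refuses to sign or verify a compact JWS when the supplied JWK is shorter than the algorithm allows. It assumes the relevant standard is RFC 7518, which requires an HMAC key at least as long as the hash output and an RSA key of 2048 bits or more; the function names and sample keys are hypothetical and constructed.

```javascript
// Added example: key-size floors taken from RFC 7518 (JWA) sections 3.2 and 3.3 (assumed standard).
const HMAC_MIN_BITS = new Map([['HS256', 256], ['HS384', 384], ['HS512', 512]]);
const RSA_ALGS = new Set(['RS256', 'RS384', 'RS512', 'PS256', 'PS384', 'PS512']);
const RSA_MIN_BITS = 2048;

// base64url helpers; Node's 'base64' decoder also accepts the URL-safe alphabet.
const b64u = (data) => Buffer.from(data).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const unb64u = (s) => Buffer.from(s, 'base64');

// Bit length of a big-endian unsigned integer, ignoring leading zero bytes.
function bitLength(buf) {
  let i = 0;
  while (i < buf.length && buf[i] === 0) i++;
  return i === buf.length ? 0 : (buf.length - i - 1) * 8 + (32 - Math.clz32(buf[i]));
}

// Read "alg" from the protected header of a compact JWS (header.payload.signature).
function jwsAlg(compact) {
  const parts = compact.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(unb64u(parts[0]).toString('utf8')).alg;
}

// Decide whether a JWK is long enough for the algorithm the JWS header names.
function checkJwsKey(compact, jwk) {
  const alg = jwsAlg(compact);
  const mismatch = { alg, ok: false, reason: 'key type does not match alg' };
  if (HMAC_MIN_BITS.has(alg)) {
    if (jwk.kty !== 'oct') return mismatch;
    const bits = unb64u(jwk.k).length * 8; // every key byte counts, zeros included
    return { alg, bits, required: HMAC_MIN_BITS.get(alg), ok: bits >= HMAC_MIN_BITS.get(alg) };
  }
  if (RSA_ALGS.has(alg)) {
    if (jwk.kty !== 'RSA') return mismatch;
    const bits = bitLength(unb64u(jwk.n)); // modulus size, not encoded length
    return { alg, bits, required: RSA_MIN_BITS, ok: bits >= RSA_MIN_BITS };
  }
  return { alg, ok: false, reason: 'algorithm not covered by this check' };
}

// Constructed sample inputs (not real keys or tokens): only the lengths matter here.
const sampleJws = (alg) => `${b64u(JSON.stringify({ alg, typ: 'JWT' }))}.${b64u('{}')}.${b64u('sig')}`;
const sampleOct = (nBytes) => ({ kty: 'oct', k: b64u(Buffer.alloc(nBytes, 0x41)) });
const sampleRsa = (nBytes) => ({ kty: 'RSA', e: 'AQAB', n: b64u(Buffer.alloc(nBytes, 0xff)) });

console.log(checkJwsKey(sampleJws('HS256'), sampleOct(6)));   // 48-bit secret: rejected
console.log(checkJwsKey(sampleJws('RS256'), sampleRsa(128))); // 1024-bit modulus: rejected
```

Call `checkJwsKey` before handing the key to the JWS library and treat `ok: false` as a hard failure rather than a warning.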

Impact

The weak encryption can be exploited to compromise the security of cryptographic operations, such as signature validation or encryption/decryption processes, potentially allowing for unauthorized access or manipulation of data.

Remediation

Users can upgrade to jsrsasign version 11.1.0 or later to address this vulnerability.

Added: Aug 6, 2025, 8:23 PM
Updated: Aug 6, 2025, 8:36 PM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 0.6
exploitability: 4.7
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.