jsrsasign Incorrect Numeric Type Conversion Vulnerability in Modular Exponentiation

A vulnerability exists in the jsrsasign package, specifically in versions prior to 11.1.1, due to incorrect handling of negative exponents in the modular exponentiation function. This flaw allows an attacker to manipulate the computation of modular inverses, disrupting signature verification processes. The issue arises from the library's failure to properly check the sign of exponents, leading to mathematically incorrect results that can be exploited in cryptographic operations.

Impact

Exploitation of this vulnerability causes the BigInteger.modPow function to produce silent, incorrect results when handling negative exponents. This not only disrupts mathematical accuracy but also creates a denial-of-service condition in cryptographic signature verification, where signatures appear valid but are universally rejected by verifiers.

Reproduction

The vulnerability can be reproduced by calling the BigInteger.modPow method with a negative exponent. This can be done by creating a BigInteger instance representing a negative value and using it as the exponent in the modPow function, while also providing a modulus. The incorrect behavior can be verified by comparing the output to the expected result, which should be calculated using the correct mathematical principles for modular exponentiation with negative exponents.

Remediation

Users can upgrade to jsrsasign version 11.1.1 or higher, where this vulnerability has been fixed.