Information disclosure in Microsoft Research Javascript Cryptography Library V1.4

CVE-2020-1026

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to…

Vulnerability class: Information Disclosure

EPSS: 0.025 (83.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2020-1026?
CVE-2020-1026 is a critical-severity vulnerability in Microsoft Research Javascript Cryptography Library V1.4, classified under Information Disclosure. CVSS score: 9.8/10. Published 2020-04-15.
How severe is CVE-2020-1026?
Critical severity. CVSS v3 base score is 9.8 out of 10.