Information disclosure in Microsoft Research Javascript Cryptography Library V1.4
CVE-2020-1026
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to…
Vulnerability class: Information Disclosure
EPSS: 0.025 (83.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Microsoft Research Javascript Cryptography Library V1.4 — versions unspecified
- Microsoft Research_javascript_cryptography_library — versions 1.4
Weakness classification (CWE)
References
- secure@microsoft.com (Patch, x_refsource_MISC, Vendor Advisory)
Frequently asked questions
- What is CVE-2020-1026?
- CVE-2020-1026 is a critical-severity vulnerability in Microsoft Research Javascript Cryptography Library V1.4, classified under Information Disclosure. CVSS score: 9.8/10. Published 2020-04-15.
- How severe is CVE-2020-1026?
- Critical severity. CVSS v3 base score is 9.8 out of 10.