What is CVE-2023-46133?

CVE-2023-46133 is a critical-severity vulnerability in Entronad Crypto-es, classified under Use of Weak Hash. CVSS score: 9.1/10. Published 2023-10-25.

How severe is CVE-2023-46133?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Is CVE-2023-46133 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Entronad Crypto-es

CVE-2023-46133

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry st…

EPSS: 0.002 (39.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Entronad Crypto-es — versions < 2.1.0

Weakness classification (CWE)

Public proof-of-concept exploits

jamiesmith/portfolio

References

https://github.com/entronad/crypto-es/security/advisories/GHSA-mpj8-q39x-wq5h (x_refsource_CONFIRM)
https://github.com/entronad/crypto-es/commit/d506677fae3d03a454b37ad126e0c119d416b757 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-46133?: CVE-2023-46133 is a critical-severity vulnerability in Entronad Crypto-es, classified under Use of Weak Hash. CVSS score: 9.1/10. Published 2023-10-25.
How severe is CVE-2023-46133?: Critical severity. CVSS v3 base score is 9.1 out of 10.
Is CVE-2023-46133 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.