RSA signature validation vulnerability on maleable encoded message in jsrsasign

Severity:: High

Description

Vulnerable jsrsasign will accept RSA signature with improper PKCS#1.5 padding. Decoded RSA signature value consists following form: 01(ff...(8 or more ffs)...ff)00[ASN.1 OF DigestInfo] Its byte length must be the same as RSA key length, however such checking was not sufficient.

To make crafted message for practical attack is very hard.

Recommendation

Update the jsrsasign package to the latest compatible version. Followings are version details:

Affected version(s): < 10.2.0
Patched version(s): 10.2.0

References

GHSA-27fj-mc8w-j9wg
kjur.github.io
CVE-2021-30246
CWE-347
CAPEC-310
OWASP 2021-A2
OWASP 2021-A6

Related Issues

RSA-PSS signature validation vulnerability by prepending zeros in jsrsasign - CVE-2020-14968
JWS and JWT signature validation vulnerability with special characters - CVE-2022-25898
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign - CVE-2020-14966
RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign - CVE-2020-14967

Tags:: npm; jsrsasign

Anything's wrong? Let us know Last updated on September 11, 2023