CVE-2023-46233 - Crypto-JS Library PBKDF2 1,000 Times Weaker Than Specified in 1993 and 1,300,000 Times Weaker Than Current Industry Standard

Crypto-js is a popular JavaScript library used for implementing various cryptographic standards. A vulnerability has been recently discovered in the library, which is outlined by the Common Vulnerabilities and Exposures (CVE) as CVE-2023-46233. This post will discuss the details of this vulnerability, provide code snippets to demonstrate the issue, and recommend workarounds and patches to mitigate its impact.

Vulnerability Details

Prior to version 4.2., crypto-js's implementation of the Password-Based Key Derivation Function 2 (PBKDF2) was found to be 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than the current industry standard. This weakness is attributed to the library's use of the default Secure Hash Algorithm 1 (SHA1) and single iteration for the PBKDF2 function.

SHA1 has been considered insecure since at least 2005 due to its vulnerability to preimage and collision attacks. The single iteration of PBKDF2 further weakens the security of the function, as the original 1993 iteration value of 1,000 was meant to provide a countermeasure to such attacks.

If crypto-js's PBKDF2 implementation is used to protect passwords or generate signatures, the impact of this vulnerability is considered high.

Here's a code snippet that demonstrates the use of crypto-js's weak default implementation of PBKDF2

const CryptoJS = require("crypto-js");

const password = "mypassword";
const salt = CryptoJS.lib.WordArray.random(128/8);
const key = CryptoJS.PBKDF2(password, salt); // Weak default settings (SHA1 and 1 iteration)

console.log("Derived key:", key.toString());

Recommended Workarounds and Patches

A patch for CVE-2023-46233 has been introduced in crypto-js version 4.2.. Users should update their library to this version to resolve the issue.

For those unable to immediately update, a workaround involves configuring crypto-js to use SHA256 instead of SHA1 and increasing the iteration count to at least 250,000. Here's a code snippet that demonstrates a stronger implementation of PBKDF2 using crypto-js:

const CryptoJS = require("crypto-js");

const password = "mypassword";
const salt = CryptoJS.lib.WordArray.random(128/8);
const key = CryptoJS.PBKDF2(password, salt, {
  keySize: 256/32,
  hasher: CryptoJS.algo.SHA256,
  iterations: 250000
});

console.log("Derived key (stronger settings):", key.toString());

Original References

For more details on the cryptographic standards and their specifications, please refer to the following sources:

- NIST SHA1 Specification
- RFC 2898 - PBKDF2 Specification

Conclusion

CVE-2023-46233 highlights the importance of staying up-to-date with security best practices and regularly updating libraries and dependencies for projects. By updating crypto-js to version 4.2., or implementing the provided workaround, developers can ensure that their projects remain secure against potential exploits related to this vulnerability.

Timeline

Published on: 10/25/2023 21:15:10 UTC
Last modified on: 11/27/2023 20:15:06 UTC