{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/jsrsasign/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jsrsasign"],"_cs_severities":["critical"],"_cs_tags":["jsrsasign","DSA","nonce-bias","cryptography","CVE-2026-4599"],"_cs_type":"advisory","_cs_vendors":["jsrsasign"],"content_html":"\u003cp\u003eThe jsrsasign library, a popular JavaScript cryptography toolkit, contains a critical vulnerability (CVE-2026-4599) in versions 7.0.0 up to, but not including, 11.1.1. This flaw resides in the \u003ccode\u003egetRandomBigIntegerZeroToMax\u003c/code\u003e and \u003ccode\u003egetRandomBigIntegerMinToMax\u003c/code\u003e functions within \u003ccode\u003esrc/crypto-1.1.js\u003c/code\u003e. The vulnerability stems from incomplete comparison checks that accept out-of-range candidates when generating DSA nonces. This introduces a bias in the nonce generation process, which an attacker could exploit to potentially recover the private key associated with the DSA signatures. This is a high-severity issue because successful exploitation allows for complete compromise of the cryptographic keys.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a target application utilizing a vulnerable version (7.0.0 to 11.1.0) of the jsrsasign library for DSA signature generation.\u003c/li\u003e\n\u003cli\u003eThe application calls the vulnerable \u003ccode\u003egetRandomBigIntegerZeroToMax\u003c/code\u003e or \u003ccode\u003egetRandomBigIntegerMinToMax\u003c/code\u003e function within \u003ccode\u003esrc/crypto-1.1.js\u003c/code\u003e to generate a random nonce (\u003ccode\u003ek\u003c/code\u003e) for DSA signature creation.\u003c/li\u003e\n\u003cli\u003eDue to the incomplete comparison checks, the function generates a biased set of nonces, meaning some nonces are statistically more likely to be generated than others.\u003c/li\u003e\n\u003cli\u003eThe attacker collects a significant number of DSA signatures generated by the vulnerable application.\u003c/li\u003e\n\u003cli\u003eThe attacker analyzes the collected signatures, leveraging statistical analysis techniques to identify the bias in the generated nonces (\u003ccode\u003ek\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eUsing the identified nonce bias, the attacker applies mathematical algorithms (e.g., lattice-based techniques or Hidden Number Problem solvers) to recover the private key.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully reconstructs the private key used for signing.\u003c/li\u003e\n\u003cli\u003eThe attacker can now forge signatures, impersonate the legitimate entity, and potentially gain unauthorized access or perform malicious actions.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4599 allows an attacker to recover the private key used in DSA signature generation by applications using vulnerable versions of jsrsasign. This allows the attacker to forge signatures, potentially leading to unauthorized access, data breaches, and complete compromise of systems relying on the affected keys. The vulnerability has a CVSS v3.1 base score of 9.1, indicating critical severity. While the number of victims is unknown, any application relying on jsrsasign for DSA signatures is potentially vulnerable.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the jsrsasign library to version 11.1.1 or later to patch CVE-2026-4599.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule \u0026quot;Detect jsrsasign Vulnerable Version Usage\u0026quot; to identify systems using vulnerable versions of the library.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests containing potentially malicious DSA signature generation attempts, focusing on applications known to use jsrsasign.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-18T12:00:00Z","date_published":"2024-01-18T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-18-jsrsasign-dsa-nonce-bias/","summary":"jsrsasign versions 7.0.0 through 11.1.1 are vulnerable to a DSA nonce bias due to incomplete comparison checks in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions, potentially allowing an attacker to recover the private key.","title":"jsrsasign DSA Nonce Bias Vulnerability (CVE-2026-4599)","url":"https://feed.craftedsignal.io/briefs/2024-01-18-jsrsasign-dsa-nonce-bias/"},{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["jsrsasign"],"_cs_severities":["critical"],"_cs_tags":["jsrsasign","signature-forgery","dsa","cve-2026-4600"],"_cs_type":"advisory","_cs_vendors":["jsrsasign"],"content_html":"\u003cp\u003eA critical vulnerability, CVE-2026-4600, affects jsrsasign versions before 11.1.1. This flaw stems from insufficient validation of DSA domain parameters within the KJUR.crypto.DSA.setPublic function and related DSA/X509 verification processes in src/dsa-2.0.js. The vulnerability allows an attacker to forge DSA signatures or X.509 certificates. By supplying malicious domain parameters (e.g., g=1, y=1, fixed r=1), an attacker can manipulate the verification equation to evaluate as true, irrespective of the actual hash value. This can lead to successful verification of a forged signature by X509.verifySignature(). This poses a significant risk, as it can be exploited to bypass authentication mechanisms or install malicious software that appears to be legitimately signed.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a malicious DSA key pair, manipulating the domain parameters g, y, and r to specific values (e.g., g=1, y=1, r=1).\u003c/li\u003e\n\u003cli\u003eThe attacker uses this maliciously crafted key to forge a DSA signature for arbitrary data.\u003c/li\u003e\n\u003cli\u003eThe forged signature, along with the manipulated DSA public key, is presented to an application using a vulnerable version of jsrsasign.\u003c/li\u003e\n\u003cli\u003eThe application calls KJUR.crypto.DSA.setPublic with the attacker-controlled public key, which contains the malicious domain parameters.\u003c/li\u003e\n\u003cli\u003eThe application attempts to verify the forged signature using X509.verifySignature().\u003c/li\u003e\n\u003cli\u003eDue to the improper validation of DSA domain parameters, the verification equation evaluates to true regardless of the hash of the signed data.\u003c/li\u003e\n\u003cli\u003eThe application incorrectly accepts the forged signature as valid.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to resources or executes arbitrary code, relying on the successful verification of the forged signature.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4600 can have severe consequences. An attacker can forge digital signatures, potentially allowing them to bypass security controls, impersonate legitimate entities, or distribute malicious software that appears to be trusted. This can lead to widespread compromise, data breaches, and significant reputational damage. The vulnerability impacts any application using the vulnerable jsrsasign library for DSA signature verification, particularly those relying on X.509 certificates for authentication and authorization.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the jsrsasign package to version 11.1.1 or later to remediate CVE-2026-4600.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026quot;Detect DSA Public Key with Suspicious Parameters\u0026quot; to identify attempts to use DSA public keys with g=1 and y=1 in your environment.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs (category: webserver, product: linux) for suspicious requests involving DSA signature verification, particularly those using parameters like g=1, y=1, and r=1.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T10:00:00Z","date_published":"2024-01-02T10:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-jsrsasign-dsa-signature-forgery/","summary":"The jsrsasign package before version 11.1.1 is vulnerable to cryptographic signature forgery (CVE-2026-4600) due to improper DSA domain-parameter validation, allowing attackers to forge DSA signatures or X.509 certificates, potentially leading to unauthorized access or code execution.","title":"jsrsasign DSA Signature Forgery Vulnerability (CVE-2026-4600)","url":"https://feed.craftedsignal.io/briefs/2024-01-jsrsasign-dsa-signature-forgery/"}],"language":"en","title":"CraftedSignal Threat Feed - Jsrsasign","version":"https://jsonfeed.org/version/1.1"}