https://feed.craftedsignal.io/tags/missing-cryptographic-step/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioMon, 23 Mar 2026 06:16:21 +0000https://feed.craftedsignal.io/briefs/2026-03-jsrsasign-dsa/Mon, 23 Mar 2026 06:16:21 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-jsrsasign-dsa/jsrsasign versions before 11.1.1 are vulnerable to a missing cryptographic step in the DSA signing implementation, allowing an attacker to recover the private key by manipulating the signature generation process.A vulnerability exists in jsrsasign versions prior to 11.1.1, specifically within the KJUR.crypto.DSA.signWithMessageHash function used for DSA signing. This flaw, identified as CVE-2026-4601, stems from a missing cryptographic step during signature generation. An attacker can exploit this by manipulating the process to force either the ‘r’ or ’s’ component of the signature to be zero. When this occurs, the library generates an invalid signature without retry, which then allows the attacker…

]]>criticaladvisoryjsrsasigndsamissing-cryptographic-stepCVE-2026-4601