Miggo Logo

CVE-2020-14967: RSA PKCS#1 decryption vulnerability with prepending zeros in jsrsasign

9.8

CVSS Score
3.1

Basic Information

EPSS Score
0.6704%
Published
6/26/2020
Updated
1/31/2023
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
jsrsasignnpm< 8.0.188.0.18

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper validation of ciphertext format in RSA decryption functions. The patch notes for 8.0.18 specifically mention fixes to RSADecrypt and RSADecryptOAEP in ext/rsa2.js. The NVD description confirms these functions accepted modified ciphertexts with prepended zeros. The GitHub issue #439 and security advisory both reference improper ciphertext validation in PKCS#1 v1.5 and OAEP decryption paths, which are handled by these functions. The functions' role in direct cryptographic processing and explicit mention in patch documentation gives high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t Jsrs*si*n supports RS* PK*S#* v*.* (i.*. RS**S-PK*S*-v*_*) *n* RS*-O**P *n*ryption *n* ***ryption. Its *n*rypt** m*ss*** is r*pr*s*nt** *s *i*Int***r. W**n t**r* is * v*li* *n*rypt** m*ss***, * *r**t** m*ss*** wit* pr*p*n*in* z*ros **n **

Reasoning

T** vuln*r**ility st*ms *rom improp*r `v*li**tion` o* *ip**rt*xt *orm*t in RS* ***ryption `*un*tions`. T** p*t** not*s *or *.*.** sp**i*i**lly m*ntion *ix*s to `RS****rypt` *n* `RS****ryptO**P` in `*xt/rs**.js`. T** NV* **s*ription *on*irms t**s* `*u