Published: 15/04/2020 Updated: 21/07/2021

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Research Javascript Cryptography Library

A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the libraryâ€™s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a serverâ€™s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft research javascript cryptography library 1.4

Microsoft Patch Tuesday - April 2020

Symantec Threat Intelligence Blog • Preethi Koroth • 15 Apr 2024

This month the vendor has patched 113 vulnerabilities, 18 of which are rated Critical.

Posted: 15 Apr, 202029 Min ReadThreat Intelligence SubscribeMicrosoft Patch Tuesday - April 2020This month the vendor has patched 113 vulnerabilities, 18 of which are rated Critical.As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all software with the least privileges required while still maintaining functionality. Avoid handling files from unknown or questionable ...

CVE-2020-1026

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect