How severe is CVE-2023-46233?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.1 out of 10.

What type of vulnerability is CVE-2023-46233?

This is classified as CWE-328, which is a common weakness in software security.

CVE-2023-46233

CRITICAL Year: 2023

CVSS v3 Score

9.1

Critical

Weakness Type

CWE-328

View all →

Vulnerability Description

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

CVE-2023-46133

CRITICAL

CVSS:9.1(Critical)

CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,00...

CWE-3282023

CVE-2024-48847

HIGH

CVSS:9.1(Critical)

MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08...

CWE-3282024

CVE-2023-43630

HIGH

CVSS:8.8(High)

PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not so...

CWE-3282023

CVE-2023-43635

HIGH

CVSS:8.8(High)

Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a ...

CWE-3282023

CVE-2022-45141

CRITICAL

CVSS:9.8(Critical)

Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory...

CWE-3282022

CVE-2025-27595

CRITICAL

CVSS:9.8(Critical)

The device uses a weak hashing alghorithm to create the password hash. Hence, a matching password can be easily calculated by an attacker. This impacts the security and the integrity of the device.

CWE-3282025

CVE-2023-46233

Vulnerability Description

Related Vulnerabilities

CVE-2023-46133

CVE-2024-48847

CVE-2023-43630

CVE-2023-43635

CVE-2022-45141

CVE-2025-27595