Critical severityNVD Advisory· Published Oct 25, 2023· Updated Feb 13, 2025

crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard

CVE-2023-46233

Description

crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
crypto-jsnpm	< 4.2.0	4.2.0

Affected products

Brix/Crypto Jsv5
Range: < 4.2.0

Patches

421dd538b2d3

Change default hash algorithm and iteration's for PBKDF2 to prevent weak security by using the default configuration.

https://github.com/brix/crypto-jsevanvosbergOct 24, 2023via ghsa

commit

3 files changed · +20 −20

grunt/config/modularize.js+1 −1 modified

@@ -91,7 +91,7 @@ module.exports = {
             },
             "pbkdf2": {
                 "exports": "CryptoJS.PBKDF2",
-                "components": ["core", "sha1", "hmac", "pbkdf2"]
+                "components": ["core", "sha256", "hmac", "pbkdf2"]
             },
             "evpkdf": {
                 "exports": "CryptoJS.EvpKDF",

src/pbkdf2.js+5 −5 modified

@@ -5,7 +5,7 @@
     var Base = C_lib.Base;

     var WordArray = C_lib.WordArray;

     var C_algo = C.algo;

-    var SHA1 = C_algo.SHA1;

+    var SHA256 = C_algo.SHA256;

     var HMAC = C_algo.HMAC;

 

     /**

@@ -16,13 +16,13 @@
          * Configuration options.

          *

          * @property {number} keySize The key size in words to generate. Default: 4 (128 bits)

-         * @property {Hasher} hasher The hasher to use. Default: SHA1

-         * @property {number} iterations The number of iterations to perform. Default: 1

+         * @property {Hasher} hasher The hasher to use. Default: SHA256

+         * @property {number} iterations The number of iterations to perform. Default: 250000

          */

         cfg: Base.extend({

             keySize: 128/32,

-            hasher: SHA1,

-            iterations: 1

+            hasher: SHA256,

+            iterations: 250000

         }),

 

         /**

test/pbkdf2-test.js+14 −14 modified

@@ -5,59 +5,59 @@ YUI.add('algo-pbkdf2-test', function (Y) {
         name: 'PBKDF2',

 

         testKeySize128: function () {

-            Y.Assert.areEqual('cdedb5281bb2f801565a1122b2563515', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32 }).toString());

+            Y.Assert.areEqual('62929ab995a1111c75c37bc562261ea3', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32 }).toString());

         },

 

         testKeySize256: function () {

-            Y.Assert.areEqual('cdedb5281bb2f801565a1122b25635150ad1f7a04bb9f3a333ecc0e2e1f70837', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32 }).toString());

+            Y.Assert.areEqual('62929ab995a1111c75c37bc562261ea3fb3cdc7e725c4ca87c03cec5bb7663e1', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32 }).toString());

         },

 

         testKeySize128Iterations2: function () {

-            Y.Assert.areEqual('01dbee7f4a9e243e988b62c73cda935d', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 2 }).toString());

+            Y.Assert.areEqual('262fb72ea65b44ab5ceba7f8c8bfa781', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 2 }).toString());

         },

 

         testKeySize256Iterations2: function () {

-            Y.Assert.areEqual('01dbee7f4a9e243e988b62c73cda935da05378b93244ec8f48a99e61ad799d86', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 2 }).toString());

+            Y.Assert.areEqual('262fb72ea65b44ab5ceba7f8c8bfa7815ff9939204eb7357a59a75877d745777', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 2 }).toString());

         },

 

         testKeySize128Iterations1200: function () {

-            Y.Assert.areEqual('5c08eb61fdf71e4e4ec3cf6ba1f5512b', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 1200 }).toString());

+            Y.Assert.areEqual('c76a982415f1acc71dc197273c5b6ada', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 128/32, iterations: 1200 }).toString());

         },

 

         testKeySize256Iterations1200: function () {

-            Y.Assert.areEqual('5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddbc5e5142f708a31e2e62b1e13', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 1200 }).toString());

+            Y.Assert.areEqual('c76a982415f1acc71dc197273c5b6ada32f62915ed461718aad32843762433fa', C.PBKDF2('password', 'ATHENA.MIT.EDUraeburn', { keySize: 256/32, iterations: 1200 }).toString());

         },

 

         testKeySize128Iterations5: function () {

-            Y.Assert.areEqual('d1daa78615f287e6a1c8b120d7062a49', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 128/32, iterations: 5 }).toString());

+            Y.Assert.areEqual('74e98b2e9eeddaab3113c1efc6d82b07', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 128/32, iterations: 5 }).toString());

         },

 

         testKeySize256Iterations5: function () {

-            Y.Assert.areEqual('d1daa78615f287e6a1c8b120d7062a493f98d203e6be49a6adf4fa574b6e64ee', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 256/32, iterations: 5 }).toString());

+            Y.Assert.areEqual('74e98b2e9eeddaab3113c1efc6d82b073c4860195b3e0737fa21a4778f376321', C.PBKDF2('password', C.enc.Hex.parse('1234567878563412'), { keySize: 256/32, iterations: 5 }).toString());

         },

 

         testKeySize128Iterations1200PassPhraseEqualsBlockSize: function () {

-            Y.Assert.areEqual('139c30c0966bc32ba55fdbf212530ac9', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 128/32, iterations: 1200 }).toString());

+            Y.Assert.areEqual('c1dfb29a4d2f2fb67c6f78d074d66367', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 128/32, iterations: 1200 }).toString());

         },

 

         testKeySize256Iterations1200PassPhraseEqualsBlockSize: function () {

-            Y.Assert.areEqual('139c30c0966bc32ba55fdbf212530ac9c5ec59f1a452f5cc9ad940fea0598ed1', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 256/32, iterations: 1200 }).toString());

+            Y.Assert.areEqual('c1dfb29a4d2f2fb67c6f78d074d663671e6fd4da1e598572b1fecf256cb7cf61', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase equals block size', { keySize: 256/32, iterations: 1200 }).toString());

         },

 

         testKeySize128Iterations1200PassPhraseExceedsBlockSize: function () {

-            Y.Assert.areEqual('9ccad6d468770cd51b10e6a68721be61', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 128/32, iterations: 1200 }).toString());

+            Y.Assert.areEqual('22344bc4b6e32675a8090f3ea80be01d', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 128/32, iterations: 1200 }).toString());

         },

 

         testKeySize256Iterations1200PassPhraseExceedsBlockSize: function () {

-            Y.Assert.areEqual('9ccad6d468770cd51b10e6a68721be611a8b4d282601db3b36be9246915ec82a', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 256/32, iterations: 1200 }).toString());

+            Y.Assert.areEqual('22344bc4b6e32675a8090f3ea80be01d5f95126a2cddc3facc4a5e6dca04ec58', C.PBKDF2('XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'pass phrase exceeds block size', { keySize: 256/32, iterations: 1200 }).toString());

         },

 

         testKeySize128Iterations50: function () {

-            Y.Assert.areEqual('6b9cf26d45455a43a5b8bb276a403b39', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 128/32, iterations: 50 }).toString());

+            Y.Assert.areEqual('44b0781253db3141ac4174af29325818', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 128/32, iterations: 50 }).toString());

         },

 

         testKeySize256Iterations50: function () {

-            Y.Assert.areEqual('6b9cf26d45455a43a5b8bb276a403b39e7fe37a0c41e02c281ff3069e1e94f52', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 256/32, iterations: 50 }).toString());

+            Y.Assert.areEqual('44b0781253db3141ac4174af29325818584698d507a79f9879033dec308a2b77', C.PBKDF2(C.enc.Hex.parse('f09d849e'), 'EXAMPLE.COMpianist', { keySize: 256/32, iterations: 50 }).toString());

         },

 

         testInputIntegrity: function () {

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-xwcq-pm8m-c4vfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-46233ghsaADVISORY
github.com/brix/crypto-js/commit/421dd538b2d34e7c24a5b72cc64dc2b9167db40aghsax_refsource_MISCWEB
github.com/brix/crypto-js/security/advisories/GHSA-xwcq-pm8m-c4vfghsax_refsource_CONFIRMWEB
lists.debian.org/debian-lts-announce/2023/11/msg00025.htmlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000