CVE-2023-46233: crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.
Security readout for executives and security teams
Plain-English summary
CVE-2023-46233 affects crypto-js before 4.2.0. Its PBKDF2 password/key derivation default was far too weak: SHA-1 with one iteration. Systems relying on those defaults may have passwords, keys, or signatures that are much easier to crack if an attacker obtains protected material.
Executive priority
Treat as urgent for products handling passwords, encryption keys, or signatures with crypto-js. It is not described as remote code execution, but it can materially weaken the protection of sensitive data and may require both software updates and secret remediation.
Technical view
crypto-js PBKDF2 defaulted to SHA1 and a single iteration before 4.2.0. The advisory states this is 1,000 times weaker than the 1993 PBKDF2 guidance and at least 1.3 million times weaker than current standard. CWE mappings include weak hash and weak password-based key derivation.
Likely exposure
Exposure is most likely in applications directly or transitively using crypto-js below 4.2.0 and calling PBKDF2 without strong explicit options. Risk is highest where PBKDF2 protects passwords, encryption keys, or signature material.
Exploitation context
No active exploitation is identified in the provided sources, and CISA KEV is false. Practical abuse depends on an attacker obtaining derived hashes, encrypted data, or related material, then benefiting from much cheaper offline guessing or cryptographic attack effort.
Researcher notes
The key question is usage, not just package presence. Confirm whether PBKDF2 defaults were used and what protected assets were generated. Sources name the patch and workaround, but do not provide evidence of known exploitation.
Mitigation direction
Upgrade crypto-js to version 4.2.0 or later.
If upgrading is delayed, configure PBKDF2 with SHA256 and at least 250,000 iterations.
Review vendor and distribution guidance, including Debian advisories where applicable.
Plan re-derivation or credential rotation for secrets created with weak defaults.
Validation and detection
Inventory applications and SBOMs for crypto-js versions below 4.2.0.
Check direct and transitive JavaScript dependency lockfiles.
Search application code for PBKDF2 usage without explicit hash and iteration settings.
Identify stored secrets or signatures generated using vulnerable defaults.
Confirm upgraded builds deploy crypto-js 4.2.0 or later.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-328: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
1CVSS vectors
3Timeline events
2ADP providers
4Source links
SSVC decision data
CISA-ADPCISA Coordinator
Timestamp
Version
2.0.3
Exploitation: noneAutomatable: yesTechnical Impact: total
CVSS vector scores
1 official score
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-328 · source CWE mapping
Use of Weak Hash
Use of Weak Hash represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Use of Password Hash With Insufficient Computational Effort
Use of Password Hash With Insufficient Computational Effort represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.