CVE-2020-14968 in jsrsasign Package

Summary

by MITRE

An issue was discovered in the jsrsasign package before 8.0.17 for Node.js. Its RSASSA-PSS (RSA-PSS) implementation does not detect signature manipulation/modification by prepending '\0' bytes to a signature (it accepts these modified signatures as valid). An attacker can abuse this behavior in an application by creating multiple valid signatures where only one signature should exist. Also, an attacker might prepend these bytes with the goal of triggering memory corruption issues.


Analysis

by VulDB Data Team • 06/22/2026

The vulnerability identified in CVE-2020-14968 affects versions of the jsrsasign package before 8.0.17 and is a critical flaw in RSA-PSS signature verification in Node.js environments. It stems from insufficient validation in the library's signature processing functions for the RSASSA-PSS algorithm, which is widely used for digital signatures in secure communications. The flaw manifests when a signature is manipulated by prepending null bytes, which the verification logic fails to detect.

The technical implementation flaw resides in how the jsrsasign library processes RSA-PSS signatures, where it fails to properly validate the signature structure and content before accepting cryptographic proofs as valid. This vulnerability creates a path for signature malleability, allowing attackers to modify signatures by prepending null bytes without detection. The underlying cryptographic protocol should reject such modifications as invalid, but the library's verification routine accepts these altered signatures as legitimate, effectively bypassing security controls designed to prevent unauthorized signature manipulation.

From an operational perspective, this vulnerability enables attackers to exploit applications relying on the jsrsasign package by creating multiple valid signatures where only a single valid signature should exist. This creates a significant risk for systems implementing access control, authentication, or data integrity mechanisms that depend on digital signatures. The potential for memory corruption issues becomes particularly concerning when attackers leverage this flaw to craft malicious signatures that could trigger buffer overflows or other memory-related vulnerabilities in the underlying cryptographic libraries or application code.

The security implications extend beyond simple signature validation failures, as this vulnerability aligns with attack patterns described in the ATT&CK framework under the T1552.003 technique for "Unsecured Credentials" and T1059.001 for "Command and Scripting Interpreter" when attackers exploit signature manipulation to gain unauthorized access. This flaw represents a direct violation of the principle of least privilege and can lead to authentication bypasses, data integrity compromises, and unauthorized system access. The vulnerability specifically relates to CWE-327, which addresses weak cryptographic algorithms and improper implementation of cryptographic functions, and CWE-295, concerning improper certificate validation that can be exploited through signature manipulation attacks.

Mitigation strategies should include immediate upgrade to jsrsasign version 8.0.17 or later, which implements proper signature validation mechanisms that reject null-byte prepended signatures. Organizations should also implement signature integrity checks at multiple layers of their applications, including additional validation routines that verify signature structure before cryptographic verification. Network monitoring should be enhanced to detect anomalous signature patterns, and application code should be reviewed for reliance on vulnerable cryptographic libraries. System administrators should conduct comprehensive vulnerability assessments across all Node.js applications that utilize the jsrsasign package, particularly those handling authentication tokens, digital certificates, or sensitive data integrity requirements. The fix addresses the core issue by implementing strict signature format validation that prevents manipulation attacks while maintaining compatibility with legitimate cryptographic operations.
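One way to implement the structure check before cryptographic verification described above, as an added example that is not code from jsrsasign or VulDB. It applies the length rule from RFC 8017 section 8.1.2 (a signature must be exactly as many octets as the modulus) plus a range check. The function names are hypothetical, and the modulus and signature are constructed toy values, not a real key or a valid signature.

```javascript
// Added example (not jsrsasign code): strict encoding checks to run before RSA verification.
// RFC 8017 section 8.1.2 step 1: the signature must be exactly k octets, where k is the
// byte length of the modulus n. The integer representative must also be smaller than n.

// Constructed 128-bit toy modulus for illustration only; not a real key.
const SAMPLE_MODULUS_HEX = 'c7a1f3e59b2d4c6e8f1023456789abcd';
// Constructed value of the same length; stands in for a signature, not a valid one.
const SAMPLE_SIG_HEX = '1b2c3d4e5f60718293a4b5c6d7e8f901';

function checkSignatureEncoding(sigHex, modulusHex) {
  if (typeof sigHex !== 'string' || !/^(?:[0-9a-fA-F]{2})+$/.test(sigHex)) {
    return { ok: false, reason: 'not-hex-octets' };
  }
  const n = BigInt('0x' + modulusHex);
  // k = ceil(bitlen(n) / 8), taken from the integer so a zero-padded modulus string cannot inflate it.
  const k = Math.ceil(n.toString(2).length / 8);
  const sigLen = sigHex.length / 2;
  if (sigLen !== k) {
    return { ok: false, reason: 'length-mismatch', expected: k, actual: sigLen };
  }
  if (BigInt('0x' + sigHex) >= n) {
    return { ok: false, reason: 'representative-out-of-range' };
  }
  return { ok: true, reason: 'canonical' };
}

// Integer conversion discards leading zero octets, so padded variants share one representative.
function sameRepresentative(sigHexA, sigHexB) {
  return BigInt('0x' + sigHexA) === BigInt('0x' + sigHexB);
}

function demo() {
  return ['', '00', '0000'].map((pad) => {
    const candidate = pad + SAMPLE_SIG_HEX;
    return {
      candidate,
      sameInteger: sameRepresentative(candidate, SAMPLE_SIG_HEX),
      check: checkSignatureEncoding(candidate, SAMPLE_MODULUS_HEX),
    };
  });
}

console.log(demo());
```

All three candidates convert to the same integer, which is why a verifier that skips the length check cannot tell them apart. Only the unpadded one passes the check.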

Reservation: 06/22/2020

Moderation: accepted

CPE: ready

EPSS: 0.02930

KEV: no

Activities: very low
