JavaScript Weak RSA Modulus 1024
Description
Detects the use of insecure RSA key generation in JavaScript code where keys are created with a weak 1024-bit modulus size. RSA keys with insufficient bit length are vulnerable to factorization attacks, potentially compromising the cryptographic security.
Detection Strategy
• Identifies JavaScript code that generates RSA key pairs
• Checks if the RSA key generation specifies a modulus size of 1024 bits
• Reports a vulnerability when RSA keys are created with insufficient key length
• Examines crypto-related function calls and key generation parameters in the code
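The strategy above, approximated as an added example (a line-oriented regex sketch, not Fluid Attacks' scanner): it reports literal modulusLength values below an assumed 2048-bit minimum in files that call generateKeyPair or generateKeyPairSync for RSA, which generalizes the 1024-bit case this rule targets. The names findWeakRsaKeys and MIN_RSA_BITS and both sample sources are constructed for illustration.

```javascript
// Added example: regex-based sketch of the rule, not the vendor's implementation.
// findWeakRsaKeys and MIN_RSA_BITS are names chosen for this example.
const MIN_RSA_BITS = 2048; // assumed threshold; the rule on this page flags 1024

// Matches generateKeyPair / generateKeyPairSync called for 'rsa' or 'rsa-pss'.
const RSA_KEYGEN_CALL = /\bgenerateKeyPair(?:Sync)?\s*\(\s*(['"`])rsa(?:-pss)?\1/;
// Matches a literal modulusLength property, allowing numeric separators (1_024).
const MODULUS_LITERAL = /\bmodulusLength\s*:\s*(\d[\d_]*)/;

function findWeakRsaKeys(source, minBits = MIN_RSA_BITS) {
  // Only report when the file actually generates RSA keys.
  if (!RSA_KEYGEN_CALL.test(source)) return [];
  const findings = [];
  source.split('\n').forEach((text, index) => {
    const code = text.split('//')[0]; // ignore line comments
    const match = MODULUS_LITERAL.exec(code);
    if (!match) return;
    const bits = Number(match[1].replace(/_/g, ''));
    if (bits < minBits) findings.push({ line: index + 1, bits });
  });
  return findings;
}

// Constructed sample: options object built separately from the call.
const SAMPLE_WEAK = [
  "const crypto = require('crypto');",
  'const options = {',
  '  modulusLength: 1024,',
  "  publicKeyEncoding: { type: 'pkcs1', format: 'pem' }",
  '};',
  "const pair = crypto.generateKeyPairSync('rsa', options);",
].join('\n');

// Constructed sample: compliant size plus a commented-out weak value.
const SAMPLE_OK = [
  "const crypto = require('crypto');",
  "crypto.generateKeyPairSync('rsa', {",
  '  // modulusLength: 1024,',
  '  modulusLength: 3072,',
  '});',
].join('\n');

console.log(findWeakRsaKeys(SAMPLE_WEAK));
console.log(findWeakRsaKeys(SAMPLE_OK));
```

A regex check like this misses modulus sizes computed at runtime or read from configuration; catching those requires data-flow analysis.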
Vulnerable code example
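const crypto = require('crypto');
function generateWeakKey() {
  const options = {
    modulusLength: 1024, // Vulnerable: Using weak 1024-bit key length
    publicKeyEncoding: {
      type: 'pkcs1',
      format: 'pem'
    }
  };
  // Generate the RSA key pair with the weak options above
  return crypto.generateKeyPairSync('rsa', options);
}
Secure code example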
const crypto = require('crypto');
function generateSecureKey() {
  const options = {
    modulusLength: 3072, // Secure: Using stronger 3072-bit key length
    publicKeyEncoding: {
      type: 'spki', // Secure: Using modern SPKI format for public key
      format: 'pem'
    }
  };
  // Generate the RSA key pair with the stronger options above
  return crypto.generateKeyPairSync('rsa', options);
}