TypeScript Weak EC Curve secp192k1
Description
Detects the usage of weak elliptic curves (specifically secp192k1) in cryptographic operations within TypeScript code. The secp192k1 curve is considered cryptographically weak due to its small key size of 192 bits, which does not provide adequate security margins for modern applications.
Detection Strategy
• Check for cryptographic key generation or operations using the secp192k1 elliptic curve
• Look for crypto-related function calls or parameters that specify 'secp192k1' as the curve choice
• Identify instances where elliptic curve parameters are being configured with this weak curve value
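One way to implement the checks listed above, as an added example that is not Fluid Attacks' own rule. It assumes the curve is written as a literal in a `namedCurve` option or as the first argument of Node's `createECDH()`; the function names and the sample source are constructed for illustration.

```javascript
// Added example: a text-based check for the weak curve this page's rule targets.
const WEAK_CURVES = new Set(['secp192k1']);

// Curve-selecting positions: the namedCurve option, or the first argument of createECDH().
const CURVE_SITES = [
  /\bnamedCurve\s*:\s*(['"`])([\w-]+)\1/g,
  /\bcreateECDH\s*\(\s*(['"`])([\w-]+)\1/g,
];

// Blank out comments (keeping offsets and newlines) so a curve name that is only
// mentioned in a comment is not reported.
// Simplification: string literals that contain "//" or "/*" are not handled.
function stripComments(source) {
  return source
    .replace(/\/\*[\s\S]*?\*\//g, (m) => m.replace(/[^\n]/g, ' '))
    .replace(/\/\/[^\n]*/g, (m) => ' '.repeat(m.length));
}

// Return one finding per weak-curve literal, with its 1-based line number.
function findWeakCurves(source) {
  const code = stripComments(source);
  const findings = [];
  for (const site of CURVE_SITES) {
    for (const match of code.matchAll(site)) {
      const curve = match[2];
      if (!WEAK_CURVES.has(curve.toLowerCase())) continue;
      const line = code.slice(0, match.index).split('\n').length;
      findings.push({ line, curve });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample input.
const SAMPLE = [
  "import { generateKeyPairSync, createECDH } from 'crypto';",
  "// namedCurve: 'secp192k1' was used before the migration",
  "const a = generateKeyPairSync('ec', { namedCurve: 'secp192k1' });",
  "const b = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });",
  "const c = createECDH(",
  "  'secp192k1');",
].join('\n');

console.log(findWeakCurves(SAMPLE));
```

A curve name that reaches the call through a variable or configuration value is not caught by this check; that case needs AST or data-flow analysis.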
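Vulnerable code example
const { generateKeyPair } = require('crypto');
function generateKeys() {
  generateKeyPair('ec', {
    namedCurve: 'secp192k1', // Vulnerable: Using weak elliptic curve (192 bits)
    publicKeyEncoding: {
      type: 'spki',
      format: 'pem'
    },
    // Assumed completion of the truncated example: private key encoding and callback
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
  }, (err, publicKey, privateKey) => {
    if (err) throw err;
  });
}
✅ Secure code example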
const { generateKeyPair } = require('crypto');
function generateKeys() {
  return new Promise((resolve, reject) => {
    generateKeyPair('ec', {
      namedCurve: 'prime256v1', // Secure: Using stronger NIST P-256 curve (256 bits)
      publicKeyEncoding: {
        type: 'spki',
        format: 'pem'
      },
      // Assumed completion of the truncated example: private key encoding and callback
      privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
    }, (err, publicKey, privateKey) => err ? reject(err) : resolve({ publicKey, privateKey }));
  });
}