CVE-2018-8319: Multiple Issues in Microsoft Research Cryptographic Library (JavaScript msrCrypto)

As part of the research team I led at Ionic Security, in collaboration with two excellent teammates, we uncovered and published multiple issues with the elliptic curve math in the Microsoft Research JavaScript cryptographic library, called msrCrypto. This is a common library which was also available on the npm package manager and was frequently downloaded.

You can read more from the blog post we wrote, which goes into a fair level of detail: IONIC SECURITY IDENTIFIES MULTIPLE ISSUES IN JAVASCRIPT CRYPTOGRAPHIC LIBRARY (CVE-2018-8319).