Background: secp256k1-js is a pure JavaScript implementation of secp256k1 ECDSA signing, verification and public-key recovery. The code works as-is both in browsers and in Node.js, without a bundler. See this link for details – https://github.com/lionello/secp256k1-js
Vulnerability details: The secp256k1-js package before 1.1.0 for Node.js implements ECDSA without required r and s validation, leading to signature forgery. See this link for details – https://nvd.nist.gov/vuln/detail/CVE-2022-41340
Ref: Signature forgery – a weakness in a signature scheme or its implementation that lets an attacker produce signatures the verifier accepts without knowing the signer's private key. Here the defect is on the verification side, not the signing side: the signer's key is never involved.
Design defect: The ecverify function does not reject a signature whose r or s is 0 (more generally, it does not require 1 ≤ r, s ≤ n−1, as the ECDSA standard does). An attacker can therefore hand it the signature (r, s) = (0, 0), which verifies against any public key and any message. In the usual form of this bug class, s = 0 is passed to a modular-inverse routine that silently returns 0 instead of failing; both scalars u1 = z·w and u2 = r·w then become 0, the computed point is the group identity, and a verifier that represents the identity with x = 0 finds R.x = 0 = r and accepts.
Remedy: Upgrading to version 1.1.0, which adds the missing r and s validation to ecverify, resolves the issue.
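The following is an added example, not code from the secp256k1-js repository: a minimal secp256k1 ECDSA verifier in affine coordinates, written once without the r/s range check (the bug class described under the design defect above) and once with the check that the remedy adds. The function names ecverifyVulnerable, ecverifyFixed, ecsign, verifyCore, pointAdd and pointMul are this example's own, not the library's (whose verifier is called ecverify), and every key, nonce and hash value is constructed for the demonstration.

```javascript
// Added example, not code from the secp256k1-js repository: a minimal
// secp256k1 ECDSA verifier in affine coordinates, once without the r/s range
// check (the bug class behind CVE-2022-41340) and once with it. All key, nonce
// and hash values below are constructed for the demo; the fixed nonce K is
// not safe for real signing.
const P = 2n ** 256n - 2n ** 32n - 977n; // field prime
const N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141n; // group order
const G = {
  x: 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798n,
  y: 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8n,
};
const INF = { x: 0n, y: 0n }; // point at infinity encoded as (0, 0), a common affine-only shortcut
const isInf = (p) => p.x === 0n && p.y === 0n;
const mod = (a, m) => ((a % m) + m) % m;

// Extended-Euclid inverse with no gcd check: for a = 0 it quietly returns 0
// instead of throwing. That silent 0 is what the forged (0, 0) signature exploits.
function modInv(a, m) {
  let [r0, r1] = [mod(a, m), m];
  let [s0, s1] = [1n, 0n];
  while (r1 !== 0n) {
    const q = r0 / r1;
    [r0, r1] = [r1, r0 - q * r1];
    [s0, s1] = [s1, s0 - q * s1];
  }
  return mod(s0, m);
}

function pointAdd(a, b) {
  if (isInf(a)) return b;
  if (isInf(b)) return a;
  let lam;
  if (a.x === b.x) {
    if (mod(a.y + b.y, P) === 0n) return INF; // a = -b
    lam = mod(3n * a.x * a.x * modInv(2n * a.y, P), P); // doubling (curve coefficient a = 0)
  } else {
    lam = mod((b.y - a.y) * modInv(b.x - a.x, P), P);
  }
  const x = mod(lam * lam - a.x - b.x, P);
  return { x, y: mod(lam * (a.x - x) - a.y, P) };
}

function pointMul(k, p) { // double-and-add, k in [0, N)
  let r = INF, q = p;
  for (; k > 0n; k >>= 1n) {
    if (k & 1n) r = pointAdd(r, q);
    q = pointAdd(q, q);
  }
  return r;
}

// Textbook ECDSA signing with a caller-supplied nonce (demo only)
function ecsign(priv, z, k) {
  const r = mod(pointMul(k, G).x, N);
  const s = mod(modInv(k, N) * (z + r * priv), N);
  return { r, s };
}

// Shared arithmetic: R = (z/s)G + (r/s)Q, accept when R.x = r (mod N)
function verifyCore(pub, r, s, z) {
  const w = modInv(s, N);
  const R = pointAdd(pointMul(mod(z * w, N), G), pointMul(mod(r * w, N), pub));
  return mod(R.x, N) === r;
}

// Vulnerable verifier (no range check). For (r, s) = (0, 0): w = 0, both
// scalars are 0, R = INF = (0, 0) and 0 === r, so any key and message pass.
function ecverifyVulnerable(pub, sig, z) {
  return verifyCore(pub, sig.r, sig.s, z);
}

// Hardened verifier: require 1 <= r, s <= N-1 before doing any arithmetic
function ecverifyFixed(pub, sig, z) {
  const inRange = (v) => typeof v === 'bigint' && v >= 1n && v < N;
  if (!inRange(sig.r) || !inRange(sig.s)) return false;
  return verifyCore(pub, sig.r, sig.s, z);
}

// Constructed demo values (not real key material)
const PRIV = 0x1E99423A4ED27608A15A2616A2B0E9E52CED330AC530EDCC32C8FFC6A526AEDDn;
const PUB = pointMul(PRIV, G);
const Z = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEFn; // stands in for a message hash
const K = 0xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn; // fixed nonce, demo only
const GENUINE = ecsign(PRIV, Z, K);
const FORGED = { r: 0n, s: 0n };

console.log('vulnerable accepts forged (0,0):', ecverifyVulnerable(PUB, FORGED, Z)); // true
console.log('fixed accepts forged (0,0):     ', ecverifyFixed(PUB, FORGED, Z));      // false
console.log('fixed accepts genuine:          ', ecverifyFixed(PUB, GENUINE, Z));     // true
```

The range check also rejects the non-canonical encoding s + N, which the unchecked verifier silently reduces modulo N and accepts; doing the check before any arithmetic, rather than inside the inverse routine, is the standard-conformant fix.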
Current possibility of exploitation: No public exploit has been published and the vulnerability is less known than average. Note, however, that exploitation needs no key material or computation: the forged signature is simply the pair (0, 0), so any deployment that has not upgraded should treat it as trivially exploitable.
Observation: Can an attacker recover the private key from the public key? For secp256k1 the answer is "No", unless there is a weakness in the implementation. This case illustrates the other side of that caveat: the attacker never needs the private key, because a verifier that skips the required checks accepts a signature that no key ever produced.