CVE-2021-41117 Overview
CVE-2021-41117 is a critical insecure random number generation vulnerability in keypair, a JavaScript RSA PEM key generator library. The vulnerability stems from multiple flaws in the library's cryptographic random number generation implementation, causing it to generate identical RSA keys. This deficiency allows attackers to potentially guess private keys, enabling them to decrypt confidential messages or gain unauthorized access to victim accounts.
Critical Impact
The keypair library generates RSA keys with severely weakened entropy due to improper CSPRNG implementation, resulting in predictable and duplicate private keys that can be exploited to compromise encrypted communications and authentication systems.
Affected Products
- keypair_project keypair (all versions prior to patch)
Discovery Timeline
- 2021-10-11 - CVE CVE-2021-41117 published to NVD
- 2024-11-21 - Last updated in NVD database
Technical Details for CVE-2021-41117
Vulnerability Analysis
This vulnerability represents a severe breakdown in cryptographic security fundamentals. The keypair library was discovered to be generating identical RSA keys—a condition that should be statistically impossible with properly implemented RSA-2048 key generation. Identical P, Q, and N values appearing repeatedly indicates fundamental problems with random number generation or CSPRNG output handling.
The impact is devastating from a security perspective: RSA's security model relies entirely on the computational difficulty of factoring large composite numbers derived from randomly chosen primes. When the same primes are reused across multiple key pairs, the entire security model collapses, allowing attackers to derive private keys and compromise any system relying on these generated keys.
Root Cause
The vulnerability originates from three interconnected issues in the library's random number generation:
Issue 1 (GHSL-2021-1012): The library implements its own counter-based CMAC approach instead of relying entirely on platform-provided CSPRNGs. The seeding mechanism in the defaultSeedFile function has critical flaws depending on the execution environment.
Issue 2: In NodeJS environments, despite having access to a strong CSPRNG, the library fails to use it because a variable named crypto is declared and set to null, shadowing node's crypto module. This forces the fallback path to be taken.
Issue 3: The fallback path uses a Lehmer LCG seeded with Math.random, and critically, the output encoding contains a bug. The line b.putByte(String.fromCharCode(next & 0xFF)) combined with putByte's definition results in a double String.fromCharCode call. This causes 97% of the LCG output to be converted to zeros (only values 48-57 produce meaningful bytes), dramatically reducing seed entropy.
Attack Vector
The vulnerability is exploitable over the network without authentication or user interaction. An attacker targeting systems using keypair-generated RSA keys can:
- Generate a collection of weak keys using the same flawed library implementation
- Attempt to match generated keys against observed public keys in target systems
- Once a match is found, the attacker possesses the corresponding private key
- Use the private key to decrypt intercepted communications or authenticate as the victim
The flawed encoding logic that causes the double String.fromCharCode call results in deterministic, predictable key material. Since each seed byte has a 97% probability of being zero, the actual entropy of generated keys is drastically lower than expected for RSA-2048.
Detection Methods for CVE-2021-41117
Indicators of Compromise
- Presence of the vulnerable keypair library in package.json or node_modules directories
- Multiple systems or services using identical RSA public keys where uniqueness is expected
- SSH authorized_keys files containing duplicate entries across different hosts
- Cryptographic operations failing due to key collisions in certificate stores
Detection Strategies
- Audit all Node.js projects for dependencies on the keypair package using npm audit or similar tools
- Compare generated RSA public keys across environments to identify duplicates that indicate vulnerable key generation
- Review application logs for cryptographic errors or warnings related to key generation
- Implement software composition analysis (SCA) to flag vulnerable library versions in CI/CD pipelines
Monitoring Recommendations
- Deploy SentinelOne Singularity to detect and alert on vulnerable software components within your infrastructure
- Configure dependency scanning tools to continuously monitor for outdated or vulnerable npm packages
- Establish baseline cryptographic key inventories and alert on anomalous key reuse patterns
- Monitor authentication logs for successful logins using keys that should not be valid
How to Mitigate CVE-2021-41117
Immediate Actions Required
- Identify all applications and services using the keypair library and prioritize remediation
- Regenerate all RSA keys that were created using vulnerable versions of keypair with a properly secured library
- Revoke and replace SSH keys, TLS certificates, and any other cryptographic credentials generated by the vulnerable library
- Update the keypair dependency to the patched version immediately
Patch Information
The vulnerability was addressed by the keypair project maintainers. Security patches are available through the GitHub Security Advisory. Users should update to the latest version of the keypair package that includes fixes for the random number generation issues. Additional technical details are available in the GitHub Security Lab Advisory.
Workarounds
- Replace keypair with alternative RSA key generation libraries that properly utilize platform CSPRNGs
- In Node.js environments, use the native crypto.generateKeyPairSync() function for RSA key generation
- For browser environments, ensure window.crypto.getRandomValues() is available before generating keys
- Implement key generation validation that checks for duplicate keys before deployment
# Configuration example
# Audit your project for vulnerable keypair versions
npm audit
# Update keypair to the latest patched version
npm update keypair
# Alternatively, replace with Node.js native crypto for key generation
# In your application code, use:
# const { generateKeyPairSync } = require('crypto');
# const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
