-
-
Notifications
You must be signed in to change notification settings - Fork 241
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TypeError: RSA_PKCS1_PADDING is no longer supported for private decryption #1293
Comments
Seems like a bug in nodejs. Caused by nodejs/node@54cd268 You can open an issue in https://github.com/nodejs/node for it |
Being discussed in nodejs/node#52017 |
Proposed programmatic way to re-enable is being discussed in nodejs/node#52090, pure js workaround snippet to fix mentioned in nodejs/node#52017 (comment) |
So, it looks like the node team decided to remove the padding feature? Is there a programmatic fix for it that could be added to nmp? I don't want to parse node arguments to all my applications. |
Read the linked issue/PR, I left a comment on nodejs/node#52017 (comment). Ideally the standard lib of a language doesn't do breaking updates to remove functionality in minor versions, but that's what seems to be the case at the moment (for security reasons). There is a PR to add a code based toggle to re-enable the funcionality, but it's not for sure that will be merged. This may require using the nodeRSA workaround snippet posted in nodejs/node#52017. |
I think we should go for the nodeRSA workaround for the time being because Node-Minecraft-Protocol does not work right now with the latest LTS versions of Node. |
Yeah, nodejs/node#52017 (comment) should have the relevant code to do it |
[x] The FAQ doesn't contain a resolution to my issue
Versions
Detailed description of a problem
when trying to connect, on login.js line 120 the padding "crypto.constants.RSA_PKCS1_PADDING" throws an error, due to CVE-2023-46809
Current code
Expected behavior
wasnt sure if there was a way to fix this, or if its just a part of the encryption method
edit: the error is silent, and the server just responds "Disconnected"
and i should clarify, im not sure if its possible to use another encryption method or not
Additional context
originally was using node v20.11.1, but updated at some point to see if it would help
passing "--security-revert=CVE-2023-46809" gives another errorThe text was updated successfully, but these errors were encountered: