CVE-2023-50481: 
JavaScript vulnerability analysis and mitigation

A vulnerability was discovered in blinksocks version 3.3.8 that allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. The vulnerability was disclosed on December 21, 2023, and has been assigned CVE-2023-50481. The issue has been rated as HIGH severity with a CVSS v3.1 base score of 7.5 (NVD).

The vulnerability stems from the use of outdated encryption algorithms and fixed initialization vectors in multiple components. Specifically, the issues include non-random IV usage for CBC and CFB modes in ssr-auth-aes128.js and ssr-auth-chain.js, as well as the implementation of insecure symmetric-key algorithms like RC4 in multiple locations within ssr-auth-chain.js. The vulnerability is classified under CWE-327 (Use of a Broken or Risky Cryptographic Algorithm) and CWE-329 (Generation of Weak Initialization Vector) (GitHub Advisory).

The use of weak encryption algorithms and fixed initialization vectors can lead to information disclosure, potentially allowing attackers to intercept and decrypt sensitive data. This vulnerability could compromise the confidentiality of data transmitted through the affected components (GitHub Issue).

As of the vulnerability disclosure, there is no official patch available. It is recommended to update the encryption algorithms to more secure alternatives and implement proper random initialization vector generation for CBC and CFB modes (GitHub Issue).