Dec 27, 2022 - 9:13 p.m.

CVE-2016-15005 Cryptographically weak random number generation in github.com/dinever/golf

2022-12-27 21:13:27
Go
www.cve.org

AI Score: 8.7
Confidence: High
EPSS: 0.001
Percentile: 47.5%

CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.

CNA Affected

[
  {
    "vendor": "github.com/dinever/golf",
    "product": "github.com/dinever/golf",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "github.com/dinever/golf",
    "versions": [
      {
        "version": "0",
        "lessThan": "0.3.0",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "randomBytes"
      },
      {
        "name": "Context.Render"
      },
      {
        "name": "Context.RenderFromString"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
