Insufficient Entropy

2018-11-01T18:32:48
ID NODEJS:720
Type nodejs
Reporter Microsoft Vulnerability Research
Modified 2018-11-02T21:39:11

Description

Overview

Versions of cryptiles from version 3.1.0 through 3.1.2, and versions 4.0.0 to version 4.1.1 are vulnerable to insufficient entropy. The randomDigits method generates digits that lack a perfect distribution over enough attempts.

Recommendation

Update to version 3.1.3 or 4.1.2 or later.

References