Insufficiently Random Values
dfinity/auth-client and dfinity/identity are vulnerable to insecure key generation. The vulnerability is due to the Ed25519KeyIdentity.generate function as it uses an insecure seed for key pair generation when no seed value is provided. This flaw breaks the guarantee of secure randomness and can...