3 matches found
@trycar-packages-org/tc-entities-production (=1.0.93), otp-generator-strapi (>=1.0.0 <=1.0.1) +12 more potentially affected by CVE-2021-23451 via otp-generator (>=1.1.0 <=2.0.1)
otp-generator NPM version =1.1.0, =1.0.0, =1.0.4, =1.0.1, =1.0.1, =1.0.80, =0.0.1, =1.2.0, =1.0.1, =1.0.5 Source cves: CVE-2021-23451 Source advisory: OSV:GHSA-6X93-H9G3-9PHR...
CVE-2021-23451 Insecure Randomness
The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack...
CVE-2021-23451
CVE-2021-23451 affects otp-generator prior to 3.0.0, where insecure randomness in the one-time password generation can enable brute-force attacks. Public sources in connected documents consistently describe insecure random number generation (Math.Random) as the root cause, leading to predictable ...