CVE-2024-42475

In the OAuth library for nim prior to version 0.11, the state values generated by the generateState function do not have sufficient entropy. These can be successfully guessed by an attacker allowing them to perform a CSRF vs a user, associating the user's session with the attacker's protected...

CVE-2024-42475

The CVE describes the nim OAuth library prior to 0.11 having insecure generateState entropy in the state values, enabling potential CSRF with a user. The root cause is that generateState did not use a cryptographically secure generator, producing insufficient entropy (less than 128 bits). Version...