9 matches found
EUVD-2018-0467
Malware in sbrugna...
Insufficient Entropy
Overview Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy and its generates digits that are not evenly distributed. Recommendation Upgrade to version 4.1.2. The package is deprecated and has been moved to...
Insufficient Entropy in cryptiles
Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy and its generates digits that are not evenly distributed. Recommendation Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptil...
GHSA-RQ8G-5PC5-WRHR Insufficient Entropy in cryptiles
Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits method does not provide sufficient entropy and its generates digits that are not evenly distributed. Recommendation Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptil...
Design/Logic Flaw
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the...
CVE-2018-1000620
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the...
CVE-2018-1000620
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the...
CVE-2018-1000620
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the...
CVE-2018-1000620
CVE-2018-1000620 : Eran Hammer cryptiles 4.1.1 contains a CWE-331 Insufficient Entropy flaw in randomDigits(), enabling brute-force guessing of randomness. IBM/Oracle-style bulletin confirms the issue and notes it is fixed in 4.1.2; remediation is to upgrade to 4.1.2 (or move to maintained packag...