CVE-2018-1000620

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000620
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000620.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-1000620
Aliases
Published
2018-07-09T20:29:00Z
Modified
2025-01-14T07:20:02.586917Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

References

Affected packages

Git / github.com/hapijs/cryptiles

Affected ranges

Type
GIT
Repo
https://github.com/hapijs/cryptiles
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v.*

v.0.0.2

v0.*

v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.2.0
v0.2.1
v0.2.2

v1.*

v1.0.0
v1.0.1

v2.*

v2.0.0
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.1.0
v3.1.1
v3.1.2