CVE-2018-1000620

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1000620
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1000620.json
Aliases
Published
2018-07-09T20:29:00Z
Modified
2023-11-08T03:59:39.699757Z
Details

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

References

Affected packages

Git / github.com/hapijs/cryptiles

Affected ranges

Type
GIT
Repo
https://github.com/hapijs/cryptiles
Events
Fixed
2d626edfaf18a45b7105276704d453dac22f133f
Introduced
3e182715d903df5c2c8f61e1eb19d8e7c83f84c4