PT-2018-9474 · Hapi+1 · @Hapi/Cryptiles+1
Hueniverse · Published 2018-07-09 · Updated 2023-03-31
CVE-2018-1000620
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Eran Hammer cryptiles versions 4.1.1 and earlier
Description
The issue is related to insufficient entropy in the randomDigits() method, which can result in an increased likelihood of brute-force attacks. This attack appears to be exploitable depending on the calling application.
Recommendations
For versions 4.1.1 and earlier, upgrade to version 4.1.2 to resolve the issue. Note that the package is deprecated and has been moved to @hapi/cryptiles, and it is strongly recommended to use the maintained package.
Affected Products
@Hapi/Cryptiles
Cryptiles