PT-2018-6058 · Facebook+1 · React-Native-Meteor-Oauth+1

Published

2018-06-04

Updated

2019-10-09

CVE-2017-16028

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: react-native-meteor-oauth (affected versions not specified) randomatic versions prior to 3.0.0

Description: The issue concerns the generation of random values using a non-cryptographically strong pseudo-random number generator, which may result in predictable values instead of random values as intended. This affects the oauth Random Token generation in react-native-meteor-oauth and the random values generated by randomatic.

Recommendations: For react-native-meteor-oauth, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For randomatic versions prior to 3.0.0, update to version 3.0.0 or later.

Use of Insufficiently Random Values

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-338CWE-330

Related Identifiers

CVE-2017-16028

GHSA-6G33-F262-XJP4

Affected Products

Randomatic

React-Native-Meteor-Oauth

PT-2018-6058 · Facebook+1 · React-Native-Meteor-Oauth+1

CVE-2017-16028

Weakness Enumeration

Related Identifiers

Affected Products

References · 8