PT-2018-9474 · Hapi+1 · @Hapi/Cryptiles+1
Hueniverse · Published 2018-07-09 · Updated 2023-03-31 · CVE-2018-1000620
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Eran Hammer cryptiles versions 4.1.1 and earlier
Description
The issue is related to insufficient entropy in the randomDigits() method, which can result in an increased likelihood of brute force attacks. This attack appears to be exploitable depending on the calling application.
Recommendations
For versions 4.1.1 and earlier, upgrade to version 4.1.2 to resolve the issue. Note that the package is deprecated and has been moved to @hapi/cryptiles, and it is strongly recommended to use the maintained package.
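The entropy loss described above can be measured with a small model. This is an added example, not code from this advisory or from the cryptiles package: the byte-scaling function is an assumed illustration of how a digit generator can become non-uniform, and all function names are hypothetical. It counts how many byte values map to each digit and compares the result with rejection sampling.

```javascript
'use strict';
const { randomBytes } = require('crypto');

// Assumed biased mapping (not taken from the package source): scale a byte
// (0..255) directly onto a digit. 256 is not a multiple of 10, so some digits
// are produced by 26 byte values and others by 25.
const scaleToDigit = (byte) => Math.floor(byte / 25.6);

// Rejection sampling: bytes 250..255 are discarded (-1), leaving exactly
// 25 byte values per digit.
const rejectToDigit = (byte) => (byte < 250 ? byte % 10 : -1);

// Count how many of the 256 possible byte values map to each digit.
function digitCounts(mapFn) {
    const counts = new Array(10).fill(0);
    for (let byte = 0; byte < 256; ++byte) {
        const digit = mapFn(byte);
        if (digit >= 0) counts[digit] += 1;
    }
    return counts;
}

// Min-entropy per digit in bits: -log2(P(most likely digit)).
function minEntropyBits(counts) {
    const accepted = counts.reduce((sum, c) => sum + c, 0);
    return -Math.log2(Math.max(...counts) / accepted);
}

// Uniform decimal string of `size` digits; `source` is injectable for testing.
function uniformDigits(size, source = randomBytes) {
    let digits = '';
    while (digits.length < size) {
        for (const byte of source(size - digits.length + 4)) {
            const digit = rejectToDigit(byte);
            if (digit >= 0 && digits.length < size) digits += digit;
        }
    }
    return digits;
}

console.log('scaled  :', digitCounts(scaleToDigit), minEntropyBits(digitCounts(scaleToDigit)));
console.log('rejected:', digitCounts(rejectToDigit), minEntropyBits(digitCounts(rejectToDigit)));
console.log('sample  :', uniformDigits(6));
```

In this model the scaled mapping yields about 3.30 bits of min-entropy per digit, against log2(10) ≈ 3.32 bits for the rejection-sampled form.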
Affected Products
@Hapi/Cryptiles
Cryptiles