Name of the Vulnerable Software and Affected Versions text-qrcode versions (affected versions not specified)

Description The issue concerns malicious code in the text-qrcode module that overwrites the randomBytes method of the crypto module. This results in the generation of weak entropy, producing 32-byte values that are easily guessable. The infected randomBytes function generates only 3 bytes of entropy, which are then hashed to create a 32-byte value.

Recommendations Uninstall text-qrcode immediately. If the module was used to generate entropy that is load bearing, all such instances of generated entropy must be replaced, including bitcoin wallets, private keys, encrypted messages, etc.