Vulnerability Description
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method that can result in an attacker being more likely to be able to brute force something that was supposed to be random. Whether this is exploitable depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cryptiles Project | Cryptiles | < 3.1.3 |
Related Weaknesses (CWE)
References
- https://github.com/hapijs/cryptiles/issues/34 (Issue Tracking, Patch, Third Party Advisory)
- https://github.com/hapijs/cryptiles/issues/35
FAQ
What is CVE-2018-1000620?
CVE-2018-1000620 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method that can result in an attacker being more likely to be able to brute force some...
How severe is CVE-2018-1000620?
CVE-2018-1000620 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-1000620?
Check the references section above for vendor advisories and patch information. Affected products include: Cryptiles Project Cryptiles.