You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Insufficient Entropy in cryptiles
Critical severity
GitHub Reviewed
Published
Sep 11, 2018
to the GitHub Advisory Database
•
Updated Nov 29, 2023
Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits() method does not provide sufficient entropy and its generates digits that are not evenly distributed.
Recommendation
Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptiles and it is strongly recommended to use the maintained package.
Versions of
cryptiles
prior to 4.1.2 are vulnerable to Insufficient Entropy. TherandomDigits()
method does not provide sufficient entropy and its generates digits that are not evenly distributed.Recommendation
Upgrade to version 4.1.2. The package is deprecated and has been moved to
@hapi/cryptiles
and it is strongly recommended to use the maintained package.References