CVE-2018-1000620

CRITICAL

Eran Hammer cryptiles <4.1.1 - Insufficient Entropy

Description

Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method, which means an attacker is more likely to be able to brute-force something that was supposed to be random. This attack appears to be exploitable in ways that depend upon the calling application. This vulnerability appears to have been fixed in 4.1.2.

Scores

CVSS v3 9.8
EPSS 0.0027
EPSS Percentile 50.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-331
Status published
Products (2)
cryptiles_project/cryptiles < 3.1.3
npm/cryptiles 3.1.0 - 4.1.2
Published Jul 09, 2018
Tracked Since Feb 18, 2026