CVE-2018-1000620
CRITICAL
Eran Hammer cryptiles <4.1.1 - Insufficient Entropy
Title source: llm
Description
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331: Insufficient Entropy vulnerability in the randomDigits() method. As a result, an attacker is more likely to be able to brute force something that was supposed to be random. Whether this attack is exploitable depends upon the calling application. This vulnerability appears to have been fixed in 4.1.2.
References (2)
Core References
Issue Tracking, Patch, Third Party Advisory
https://github.com/hapijs/cryptiles/issues/34
Issue Tracking
https://github.com/hapijs/cryptiles/issues/35
Scores
CVSS v3
9.8
EPSS
0.0168
EPSS Percentile
73.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-331
Status
published
Products (3)
cryptiles_project/cryptiles
< 3.1.3
npm/cryptiles
3.1.0 - 3.1.3
npm/cryptiles
4.0.0 - 4.1.2
Published
Jul 09, 2018
Tracked Since
Feb 18, 2026