CVE-2021-23451

MEDIUM

otp-generator <3.0.0 - Info Disclosure

Title source: llm

Description

The package otp-generator before 3.0.0 are vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.

References (3)

[Issue Tracking, Patch, Third Party Advisory] https://security.snyk.io/vuln/SNYK-JS-OTPGENERATOR-1655480

[Issue Tracking, Third Party Advisory] https://github.com/Maheshkumar-Kakade/otp-generator/issues/12

[Patch, Third Party Advisory] https://github.com/Maheshkumar-Kakade/otp-generator/commit/b27de1ce439ae7f533cec26677e9698671275b70

View Patch ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0038

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-330

Status published

Products (2)

npm/otp-generator 0 - 3.0.0npm

otp-generator_project/otp-generator < 3.0.0

Published Jul 25, 2022

Tracked Since Feb 18, 2026