Nefariously Programmed Mecha
    Severity: high

    Insufficient Entropy

    cryptiles

    Overview

    Versions of cryptiles from version 3.1.0 through 3.1.2, and versions 4.0.0 to version 4.1.1 are vulnerable to insufficient entropy. The randomDigits method generates digits that lack a perfect distribution over enough attempts.

    Remediation

    Update to version 3.1.3 or 4.1.2 or later.

    Have content suggestions? Visit npmjs.com/support.

    Advisory timeline

    1. Created

      2018-11-01T18:32:48.906
    2. Updated

      2018-11-02T21:39:11.618