Severity: high

Insufficient Entropy

cryptiles

Overview

Versions of cryptiles from version 3.1.0 through 3.1.2, and versions 4.0.0 to version 4.1.1 are vulnerable to insufficient entropy. The randomDigits method generates digits that lack a perfect distribution over enough attempts.

Remediation

Update to version 3.1.3 or 4.1.2 or later.

Advisory timeline

  1. Created

    2018-11-01T18:32:48.906Z
  2. Updated

    2018-11-02T21:39:11.618Z