Overview
Versions of cryptiles
from version 3.1.0 through 3.1.2, and versions 4.0.0 to version 4.1.1 are vulnerable to insufficient entropy. The randomDigits
method generates digits that lack a perfect distribution over enough attempts.
Remediation
Update to version 3.1.3 or 4.1.2 or later.
Resources
Have content suggestions? Visit npmjs.com/support.
Advisory timeline
Created
2018-11-01T18:32:48.906Updated
2018-11-02T21:39:11.618