Severity: moderate

Cryptographically Weak PRNG

generate-password

Overview

Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords.

Remediation

Update to version 1.4.1 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Jan 9th, 2019
  2. reported

    Jan 9th, 2019