Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2017-16028
Summary
react-native-meteor-oauth is a library for OAuth2 login to a Meteor server in React Native. In versions before 3.0.0, the OAuth random token is generated with Math.random(), which is not a cryptographically strong RNG.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- LOW
- NONE
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
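The weak pattern described above next to a hardened form, plus a small review check for remaining Math.random() calls. This is an added example, not code from react-native-meteor-oauth; the function names, the 64-symbol alphabet, the 43-character length and the sample source are assumptions made for illustration.

```javascript
// Added example: names, alphabet and token length are illustrative assumptions.
// Web Crypto is a global in browsers and recent Node; older Node exposes it
// as crypto.webcrypto.
const cryptoApi = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'; // 64 symbols

// Weak pattern (CWE-338): Math.random() is a fast, non-cryptographic PRNG whose
// output is not designed to be unpredictable. Shown only for comparison.
function weakToken(length = 43) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += ALPHABET[Math.floor(Math.random() * ALPHABET.length)];
  }
  return out;
}

// Hardened form: draw bytes from the platform CSPRNG. 256 is a multiple of 64,
// so masking each byte to 6 bits selects every symbol with equal probability.
function strongToken(length = 43) {
  const bytes = new Uint8Array(length);
  cryptoApi.getRandomValues(bytes);
  let out = '';
  for (const b of bytes) out += ALPHABET[b & 63];
  return out;
}

// Review aid: report lines of a source string that call Math.random(),
// skipping lines that are only a // comment.
function findMathRandomUse(source) {
  return source
    .split('\n')
    .map((text, i) => ({ line: i + 1, text: text.trim() }))
    .filter(({ text }) =>
      !text.startsWith('//') && /\bMath\s*\.\s*random\s*\(/.test(text));
}

// Constructed sample input, not taken from the library.
const SAMPLE_SOURCE = [
  'function makeState() {',
  '  // Math.random() used to live here',
  '  return Math.random().toString(36).slice(2);',
  '}',
].join('\n');

console.log(strongToken());
console.log(findMathRandomUse(SAMPLE_SOURCE));
```

A 43-symbol token over this alphabet carries 258 bits from the CSPRNG. In React Native, `getRandomValues` is only as strong as the native source backing it, so confirm the runtime provides one rather than a Math.random() fallback.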
Advisory Timeline
- Published