Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2022-35255
Summary
A weak randomness in WebCrypto keygen vulnerability exists in Node.js versions 15.0.x through 15.14.0, 16.0.x through 16.12.0, 16.13.x through 16.17.0, and 18.0.x through 18.9.0 due to a change with "EntropySource()" in "SecretKeyGenTraits::DoKeyGen()" in "src/crypto/crypto_keygen.cc". There are two problems with this. First, it does not check the return value: it assumes "EntropySource()" always succeeds, but it can (and sometimes will) fail. Second, the random data returned by "EntropySource()" may not be cryptographically strong and is therefore not suitable as keying material.
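The first problem in the summary, an ignored return value from the entropy source, is illustrated by the added example below. It is not Node.js code: `entropy_source`, `keygen_unchecked`, `keygen_checked` and the `healthy` switch are hypothetical names, and the failure is simulated.

```cpp
#include <cstddef>
#include <cstdio>
#include <random>
#include <vector>

// Hypothetical stand-in for an entropy source that reports failure through its
// return value. `healthy` lets the demo force the failure path.
static bool entropy_source(unsigned char* buf, std::size_t len, bool healthy) {
    if (!healthy) return false;  // on failure the buffer is left untouched
    std::random_device rd;       // demo source only, not a vetted CSPRNG
    for (std::size_t i = 0; i < len; ++i) buf[i] = static_cast<unsigned char>(rd());
    return true;
}

// Flawed pattern: the return value is discarded and success is assumed.
static std::vector<unsigned char> keygen_unchecked(std::size_t len, bool healthy) {
    std::vector<unsigned char> key(len);  // zero-initialised in this demo
    (void)entropy_source(key.data(), len, healthy);
    return key;  // after a failure this is still all zeros, yet it is used as a key
}

// Hardened pattern: fail closed and hand back no key material on error.
static bool keygen_checked(std::vector<unsigned char>& out, std::size_t len, bool healthy) {
    std::vector<unsigned char> key(len);
    if (!entropy_source(key.data(), len, healthy)) return false;
    out.swap(key);
    return true;
}

static bool all_zero(const std::vector<unsigned char>& k) {
    for (unsigned char b : k) if (b != 0) return false;
    return true;
}

int main() {
    std::vector<unsigned char> key;
    std::printf("unchecked, source failed: all-zero key = %d\n",
                all_zero(keygen_unchecked(32, false)));
    std::printf("checked, source failed:   key issued   = %d\n",
                keygen_checked(key, 32, false));
    std::printf("checked, source healthy:  key issued   = %d\n",
                keygen_checked(key, 32, true));
    return 0;
}
```

Checking the return value addresses only the first problem; the second (output that is not cryptographically strong) requires a source that guarantees CSPRNG-quality bytes.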
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.