CVE-2021-23451

Use of Insufficiently Random Values in npm/otp-generator

Identifiers

GHSA-6x93-h9g3-9phr, CVE-2021-23451

Package Slug

npm/otp-generator

Vulnerability

Use of Insufficiently Random Values

Description

The package otp-generator before 3.0.0 is vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.

Affected Versions

All versions before 3.0.0

Solution

Upgrade to version 3.0.0 or above.

Last Modified

2022-08-09

source