CVE-2018-1000620: Insufficient Entropy
Eran Hammer cryptiles contains an Insufficient Entropy vulnerability in randomDigits(). An attacker is more likely to be able to brute force something that was supposed to be random. This attack appears to be exploitable, depending on the calling application.
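A general illustration of how a random-digit generator can lose entropy, added here and not taken from cryptiles or from this advisory: it compares a byte-to-digit scaling against rejection sampling and computes the exact min-entropy of each. The biased mapping and every function name below are assumptions chosen for the example.

```javascript
const crypto = require('crypto');

// Assumed biased mapping (illustrative, not confirmed by the advisory):
// scale a byte 0..255 onto 0..9. 256 is not a multiple of 10, so some
// digits are produced by 26 byte values and others by only 25.
const biasedDigit = (byte) => Math.floor(byte / 25.6);

// Rejection sampling: discard bytes >= 250 (return null) so the remaining
// 250 values split evenly, 25 per digit.
const uniformDigit = (byte) => (byte < 250 ? byte % 10 : null);

// Exact output distribution of a mapping over every possible input byte.
function digitDistribution(mapByte) {
    const counts = new Array(10).fill(0);
    for (let b = 0; b < 256; ++b) {
        const d = mapByte(b);
        if (d !== null) counts[d]++;
    }
    return counts;
}

// Min-entropy per digit in bits: -log2(probability of the likeliest digit).
function minEntropyBits(counts) {
    const total = counts.reduce((sum, c) => sum + c, 0);
    return -Math.log2(Math.max(...counts) / total);
}

// Generate `size` unbiased decimal digits from the OS CSPRNG.
function uniformDigits(size) {
    const digits = [];
    while (digits.length < size) {
        // Over-request a few bytes to cover the ~2.3% that get rejected.
        for (const byte of crypto.randomBytes(size - digits.length + 8)) {
            const d = uniformDigit(byte);
            if (d !== null && digits.length < size) digits.push(d);
        }
    }
    return digits.join('');
}

console.log('biased  bits/digit:', minEntropyBits(digitDistribution(biasedDigit)));
console.log('uniform bits/digit:', minEntropyBits(digitDistribution(uniformDigit)));
```

When reviewing a caller, multiply the per-digit min-entropy by the code length to get the effective strength of the generated value.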
Detect and mitigate CVE-2018-1000620 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.