Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

randomDigits() generates biased random digits #34

Closed
hueniverse opened this issue Jun 24, 2018 · 3 comments · Fixed by majacQ/sharelock#3
Closed

randomDigits() generates biased random digits #34

hueniverse opened this issue Jun 24, 2018 · 3 comments · Fixed by majacQ/sharelock#3
Assignees
@hueniverse
Labels
bug Bug or defect security Issue with security impact
Milestone
4.1.2

Comments

@hueniverse
Copy link
Contributor

hueniverse commented Jun 24, 2018
edited

Reported by Microsoft Vulnerability Research: MSVR 45977.

The randomDigits() method generates digits that lack a perfect distribution over enough attempts.
@hueniverse hueniverse added bug Bug or defect security Issue with security impact labels Jun 24, 2018
@hueniverse hueniverse added this to the 4.1.2 milestone Jun 24, 2018
@hueniverse hueniverse self-assigned this Jun 24, 2018
@ddillard
Copy link

Is there going to be a CVE for this issue?

@ddillard
Copy link

ddillard commented Jul 9, 2018

This issue has been assigned CVE-2018-1000620

@lynxlynxlynx lynxlynxlynx mentioned this issue Sep 11, 2018
Open
@yonjah yonjah mentioned this issue Sep 25, 2018
Closed
This was referenced Oct 8, 2018
Closed
Open
Open
@cookiemonster cookiemonster mentioned this issue Oct 13, 2018
Closed
@davidwatkins73 davidwatkins73 mentioned this issue Oct 25, 2018
Closed
@hueniverse hueniverse mentioned this issue Nov 2, 2018
Closed
hueniverse added a commit that referenced this issue Nov 2, 2018
@hueniverse
Backport fix #34. Closes #35
cb6bd64
@PoorPocketsMcNewHold PoorPocketsMcNewHold mentioned this issue Feb 9, 2019
Open
@diestrin diestrin mentioned this issue Feb 24, 2019
Closed
@lock
Copy link

lock bot commented Jan 9, 2020

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.

@lock lock bot locked as resolved and limited conversation to collaborators Jan 9, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@hueniverse hueniverse

Labels
bug Bug or defect security Issue with security impact
Projects
None yet
Milestone
4.1.2
Development

Successfully merging a pull request may close this issue.

Bump cryptiles from 4.1.1 to 4.1.3 majacQ/sharelock
2 participants
@hueniverse @ddillard