-
-
Notifications
You must be signed in to change notification settings - Fork 879
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
node.js SECURITY VULN: claims to use crypto, but uses Math.random() #122
Comments
coolaj86
changed the title
node.js SECURITY VULN: false === typeof(_global.require) == 'function')
node.js SECURITY VULN: claims to use crypto, but uses Math.random()
Nov 7, 2015
SECURITY VULNERABILITY Just realized that https://github.com/broofa/node-uuid/issues/122 is a dup of https://github.com/broofa/node-uuid/issues/118 and https://github.com/broofa/node-uuid/issues/108. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've tested this on io.js v1.6.3 and node.js v5.0.0.
Tested with
npm install node-uuid@latest
Discovered this after posting a joke on twitter and then decided to actually try replacing
Math.random()
with an error-throwing function to as part of a security audit on my software and its modules.This module uses
Math.random()
because testing the availability of crypto fails.Should be
'function' === typeof require
, pull requesting....The text was updated successfully, but these errors were encountered: