node.js SECURITY VULN: claims to use crypto, but uses Math.random() #122

Closed
coolaj86 opened this issue Nov 7, 2015 · 1 comment

coolaj86 commented Nov 7, 2015

I've tested this on io.js v1.6.3 and node.js v5.0.0.

Tested with npm install node-uuid@latest

Discovered this after posting a joke on Twitter and then decided to actually try replacing Math.random() with an error-throwing function as part of a security audit on my software and its modules.

This module uses Math.random() because testing the availability of crypto fails.

console.log(typeof(_global.require) == 'function');
false

Should be 'function' === typeof require, pull requesting....

coolaj86 changed the title from "node.js SECURITY VULN: false === typeof(_global.require) == 'function')" to "node.js SECURITY VULN: claims to use crypto, but uses Math.random()" on Nov 7, 2015
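
The audit technique and the detection bug described in the issue above, as an added example that is not part of the original issue and not node-uuid's own code. The function names (`mathRandomBytes`, `pickRngBuggy`, `pickRngFixed`, `usesMathRandom`) are hypothetical, and the example assumes it is run with node as a CommonJS module file.

```javascript
const nodeCrypto = require('crypto');

// Non-cryptographic fallback: 16 bytes derived from Math.random().
function mathRandomBytes() {
  const out = Buffer.alloc(16);
  for (let i = 0; i < 16; i++) out[i] = Math.floor(Math.random() * 256);
  return out;
}

// Detection shaped like the check quoted in the issue (hypothetical wrapper).
// In a CommonJS module file `require` is a module-scoped variable, not a
// property of the global object, so this test fails and the fallback is used.
function pickRngBuggy() {
  const _global = globalThis;
  if (typeof _global.require == 'function') {
    return () => nodeCrypto.randomBytes(16);
  }
  return mathRandomBytes; // silent downgrade to Math.random()
}

// Detection as proposed in the issue: test the module-scoped `require`.
function pickRngFixed() {
  if ('function' === typeof require) {
    return () => nodeCrypto.randomBytes(16);
  }
  return mathRandomBytes;
}

// Audit helper: replace Math.random with a throwing stub while `fn` runs,
// always restore the original, and report whether `fn` reached Math.random().
function usesMathRandom(fn) {
  const original = Math.random;
  let called = false;
  Math.random = () => {
    called = true;
    throw new Error('Math.random() called during audit');
  };
  try {
    fn();
  } catch (err) {
    if (!called) throw err; // unrelated failure: surface it
  } finally {
    Math.random = original;
  }
  return called;
}

console.log('buggy detection uses Math.random():', usesMathRandom(() => pickRngBuggy()()));
console.log('fixed detection uses Math.random():', usesMathRandom(() => pickRngFixed()()));
```

The same helper can wrap a call into any dependency that claims to use a CSPRNG, which makes it usable as a regression test for the fallback path.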