CVE-2017-16028

State: PUBLISHED · Published: 2018-06-04 · Updated: 2024-09-17 · Assigner: hackerone

Description

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

CWE

CWE-330 — Use of Insufficiently Random Values (CWE-330)

Affected

HackerOne / react-native-meteor-oauth node module — v=All versions [affected]

CVSS

(none)

References

https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66 x_refsource_MISC
https://nodesecurity.io/advisories/157 x_refsource_MISC

Source

cvelistV5-main/cves/2017/16xxx/CVE-2017-16028.json