Insecure Random Number Generation in crypto-js Package for Node.js

Insecure Random Number Generation in crypto-js Package for Node.js

CVE-2020-36732 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.

Learn more about our Web Application Penetration Testing UK.