Passeo uses insecure random number generator
Description
Published by the National Vulnerability Database
Dec 6, 2022
Published to the GitHub Advisory Database
Dec 6, 2022
Reviewed
Dec 6, 2022
Last updated
Oct 9, 2024
Impact
Everyone below v1.0.5 is impacted by this flaw, of confidentiality being at risk due to the password(s) being easily able to be guessed with Passeo's use of the
random
library. It is recommended to change any passwords made with Passeo before v1.0.5 and upgrade to v1.0.5, and v1.0.5 patches this with thesecrets
library.Workarounds
No current workaround available than updating to v1.0.5.
References