You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Good day.
Raising this issue of a low security concern that was identified and raised by our security team in a JS component under webcomponents assets (webcomponents-bundle.js) in one of our service.
Findings: Insecure Randomness.
Risk: Low
Description: The random number generator implemented by Math.random() cannot withstand a cryptographic attack.
Impact: Random values are often used as a mechanism to prevent malicious users from guessing a value, such as a password, encryption key, or session identifier. Depending on what this random value is used for, an attacker would be able to predict the next numbers generated, or previously generated values. This will enable the attacker to hijack another user's session, impersonate another user, or crack an encryption key (depending on what the random function was used for).
I hope I have given all necessary details regarding this matter.
I am looking forward to hearing from you at your earliest convenience.
Thank you.
The text was updated successfully, but these errors were encountered:
Hi,
Good day.
Raising this issue of a low security concern that was identified and raised by our security team in a JS component under webcomponents assets (webcomponents-bundle.js) in one of our service.
Findings: Insecure Randomness.
Risk: Low
Description: The random number generator implemented by Math.random() cannot withstand a cryptographic attack.
Impact: Random values are often used as a mechanism to prevent malicious users from guessing a value, such as a password, encryption key, or session identifier. Depending on what this random value is used for, an attacker would be able to predict the next numbers generated, or previously generated values. This will enable the attacker to hijack another user's session, impersonate another user, or crack an encryption key (depending on what the random function was used for).
I hope I have given all necessary details regarding this matter.
I am looking forward to hearing from you at your earliest convenience.
Thank you.
The text was updated successfully, but these errors were encountered: