Affecting generate-password package, versions <1.4.1
generate-password is a relatively extensive library for generating random and unique passwords.
Affected versions of this package are vulnerable to Cryptographic Backdoor. It generates random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords.
Upgrade generate-password to version 1.4.1 or higher.
- Snyk ID
- 14 Dec, 2018
- 10 Jan, 2019