generate-password@0.0.2

Vulnerabilities

1 via 1 paths

Dependencies

Source

npm


medium severity

Cryptographic Backdoor

  • Vulnerable module: generate-password
  • Introduced through: generate-password@0.0.2

Detailed paths

  • Introduced through: generate-password@0.0.2
    Remediation: Upgrade to generate-password@1.4.1.

Overview

generate-password is a relatively extensive library for generating random and unique passwords.

Affected versions of this package are vulnerable to Cryptographic Backdoor. It generates random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords.

Remediation

Upgrade generate-password to version 1.4.1 or higher.
